CVE-2020-2317

Name of the Vulnerable Software and Affected Versions Jenkins FindBugs Plugin versions 5.0.0 and earlier

Description The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the annotation message in tooltips is not properly escaped, allowing attackers to inject malicious code. This can be exploited by attackers who can provide report files to the Jenkins FindBugs Plugin's post-build step.

Recommendations For Jenkins FindBugs Plugin versions 5.0.0 and earlier, consider disabling the tooltips feature in the post-build step until a fix is available. Restrict access to the post-build step to minimize the risk of exploitation. Avoid using the Jenkins FindBugs Plugin with untrusted report files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.