CVE-2020-2163

Name of the Vulnerable Software and Affected Versions Jenkins versions 2.227 and earlier Jenkins LTS versions 2.204.5 and earlier

Description The issue is related to improper processing of HTML content in list view column headers, resulting in a stored XSS vulnerability. This vulnerability can be exploited by users who have control over column headers, potentially allowing for cross-site scripting attacks. The vulnerability is also described as being related to errors in processing HTTP headers, which can enable a remote attacker to perform inter-site script attacks.

Recommendations For Jenkins versions 2.227 and earlier, update to a version later than 2.227 to resolve the issue. For Jenkins LTS versions 2.204.5 and earlier, update to a version later than 2.204.5 to resolve the issue. As a temporary workaround, consider restricting access to the list view column headers to minimize the risk of exploitation.