PT-2020-2657 · Jenkins · Jenkins Queue Cleanup Plugin

Wadeck Follonier

Published: 2020-03-25
Updated: 2023-11-02

CVE-2020-2169
CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Jenkins Queue cleanup Plugin versions 1.3 and earlier
Description: A form validation endpoint in the Jenkins Queue cleanup Plugin does not escape a query parameter before displaying it in an error message, resulting in a reflected cross-site scripting (XSS) vulnerability. A remote attacker can exploit it to perform cross-site scripting attacks against users of the Jenkins web interface. The underlying weakness is improper neutralization of input during web page generation: the parameter value is embedded in the HTML response without output encoding.
Recommendations: For Jenkins Queue cleanup Plugin versions 1.3 and earlier, update to version 1.4 or later, which correctly escapes the query parameter and resolves the issue. As a temporary workaround, consider restricting access to the form validation endpoint until the update can be applied.
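An added example, not the plugin's own code, of the pattern the description refers to in a Jenkins descriptor: a form-validation method that reflects a query parameter into an HTML error message, beside a hardened version. The class and method names are hypothetical; the Jenkins `FormValidation`, `Util.escape` and `@QueryParameter` APIs are real.

```java
import hudson.Util;
import hudson.util.FormValidation;
import org.kohsuke.stapler.QueryParameter;

// Hypothetical descriptor; not the Queue cleanup Plugin's actual class.
public class ExampleDescriptor {

    // Vulnerable pattern: errorWithMarkup() renders its argument as raw HTML,
    // so the untrusted "value" query parameter is reflected into the page
    // unescaped. This is the kind of defect the advisory describes.
    public FormValidation doCheckValueVulnerable(@QueryParameter String value) {
        try {
            Integer.parseInt(value);
            return FormValidation.ok();
        } catch (NumberFormatException e) {
            return FormValidation.errorWithMarkup("Not a number: " + value);
        }
    }

    // Hardened form: FormValidation.error() HTML-escapes its message, so the
    // reflected value cannot inject markup. If markup is genuinely needed,
    // escape the untrusted part with Util.escape() before concatenating.
    public FormValidation doCheckValue(@QueryParameter String value) {
        try {
            Integer.parseInt(value);
            return FormValidation.ok();
        } catch (NumberFormatException e) {
            // Equivalent hardened alternative:
            // FormValidation.errorWithMarkup("<b>Not a number:</b> " + Util.escape(value));
            return FormValidation.error("Not a number: " + value);
        }
    }
}
```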

Tags: Fix, XSS

Weakness Enumeration

Related Identifiers

BDU:2020-02701
CVE-2020-2169
GHSA-M7PR-M4CX-6M22

Affected Products

Jenkins
Jenkins Queue Cleanup Plugin