PT-2020-5054 · Cloudbees+1 · Jenkins

Wadeck Follonier

·

Published

2020-03-25

·

Updated

2024-03-06

·

CVE-2020-2161

CVSS v2.0

5.5

Medium

Vector AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Jenkins versions 2.227 and earlier
Jenkins LTS versions 2.204.5 and earlier
Description
Jenkins does not escape node labels that are shown in the form validation message for label expressions (the "Restrict where this project can be run" field) on job configuration pages. A label name containing HTML or script is stored with the node configuration and is rendered unescaped to every user whose browser validates that field on a job configuration page, resulting in stored cross-site scripting. Exploitation requires the ability to define node labels (for example, permission to configure agents), so the attacker must be an authenticated user (Au:S in the CVSS vector); the injected script then executes in the browser of the victim viewing the configuration page, with that victim's Jenkins permissions.
Recommendations
Update Jenkins weekly to 2.228 or later and Jenkins LTS to 2.204.6 or later; these releases HTML-escape node labels before they are inserted into the label-expression validation message. If updating is not immediately possible, restrict who may define node labels: limit the Agent/Configure permission (and global administration) to trusted users. After updating, review existing node configurations and remove any labels containing HTML markup that were planted before the fix, since the payload remains stored in the node configuration until it is deleted.
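The following is an added example written for this entry, not code from Jenkins or from the advisory. It illustrates the bug class in the Description and the review step in the Recommendations: a validation message that drops a node label into HTML markup unescaped, the same message with the label escaped, and a small audit helper that flags assigned labels containing HTML metacharacters in a Jenkins `/computer/api/json` response. The message template wording, the sample API body and the payload label are constructed for illustration; only the remote-API field names (`computer`, `displayName`, `assignedLabels`, `name`) are taken from Jenkins.

```python
import html
import json
import re

# Template modelled loosely on a label-expression validation message
# ("Label X is serviced by N nodes"). The wording is an assumption, not
# copied from Jenkins; the point is that the label lands inside markup.
MESSAGE_TEMPLATE = '<div class="ok">Label <b>{label}</b> is serviced by {count} node(s)</div>'


def render_label_validation_unsafe(label_name: str, node_count: int) -> str:
    """Vulnerable pattern: the raw label name is concatenated into HTML markup.

    A label that contains markup is stored with the node and replayed to
    every user who triggers the validation: stored XSS.
    """
    return MESSAGE_TEMPLATE.format(label=label_name, count=node_count)


def render_label_validation_safe(label_name: str, node_count: int) -> str:
    """Hardened pattern: escape untrusted text before it enters markup.

    quote=True also escapes " and ' so the value is safe inside attributes.
    """
    return MESSAGE_TEMPLATE.format(label=html.escape(label_name, quote=True),
                                   count=node_count)


# Jenkins label strings are whitespace-separated tokens, so a payload that
# must survive as a single label cannot contain spaces; '/' separates the
# attributes instead. Constructed for illustration.
PAYLOAD_LABEL = "<img/src=x/onerror=alert(document.domain)>"

_HTML_METACHARS = re.compile(r'[<>"\'&]')


def find_suspicious_labels(computer_api_json: str) -> dict:
    """Flag assigned labels that contain HTML metacharacters.

    Input: JSON body of
      GET /computer/api/json?tree=computer[displayName,assignedLabels[name]]
    Returns {node display name: [suspicious label names]} for every node
    with at least one hit, so stored payloads can be located and removed.
    """
    data = json.loads(computer_api_json)
    hits = {}
    for computer in data.get("computer", []):
        bad = [lbl["name"]
               for lbl in computer.get("assignedLabels", [])
               if _HTML_METACHARS.search(lbl.get("name", ""))]
        if bad:
            hits[computer.get("displayName", "?")] = bad
    return hits


# Constructed sample of the remote-API response shape; one agent carries the payload.
SAMPLE_COMPUTER_API = json.dumps({
    "computer": [
        {"displayName": "Built-In Node",
         "assignedLabels": [{"name": "built-in"}, {"name": "linux"}]},
        {"displayName": "linux-agent-2",
         "assignedLabels": [{"name": "linux-agent-2"}, {"name": "docker"},
                            {"name": PAYLOAD_LABEL}]},
    ]
})


if __name__ == "__main__":
    print("unsafe:", render_label_validation_unsafe(PAYLOAD_LABEL, 1))
    print("safe:  ", render_label_validation_safe(PAYLOAD_LABEL, 1))
    print("audit: ", find_suspicious_labels(SAMPLE_COMPUTER_API))
```

To run the audit against a live instance after updating, feed `find_suspicious_labels` the output of `curl -s -u user:apitoken "$JENKINS_URL/computer/api/json?tree=computer[displayName,assignedLabels[name]]"`; any label it reports was defined by a user with the ability to configure agents and should be removed and investigated. The helper only inspects labels assigned to current nodes, so labels that lived on a since-deleted agent or in cloud templates are outside its view.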

Fix

XSS

Weakness Enumeration

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Related Identifiers

BDU:2020-05641
BIT-JENKINS-2020-2161
CVE-2020-2161
GHSA-G8PG-QRVM-WGH2

Affected Products

Jenkins