CVE-2022-20615

Name of the Vulnerable Software and Affected Versions Jenkins Matrix Project Plugin versions 1.19 and earlier

Description The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the plugin does not escape HTML metacharacters in node and label names, and label descriptions. This vulnerability is exploitable by attackers with Agent/Configure permission.

Recommendations For Jenkins Matrix Project Plugin versions 1.19 and earlier, update to version 1.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's configuration to minimize the risk of exploitation. Avoid using the plugin's features that allow input of node and label names, and label descriptions, until the issue is resolved.