CVE-2022-28149

Name of the Vulnerable Software and Affected Versions Jenkins Job and Node ownership Plugin versions 0.13.0 and earlier

Description The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the names of the secondary owners are not properly escaped, allowing attackers with Item/Configure permission to exploit this weakness.

Recommendations For Jenkins Job and Node ownership Plugin versions 0.13.0 and earlier, update to a version later than 0.13.0 to resolve the issue. As a temporary workaround, consider restricting access to the Item/Configure permission to minimize the risk of exploitation.