CVE-2020-2259
maven/jenkins.ci.plugins.computerqueue/computer-queue-plugin
Cross-site Scripting
Jenkins computer-queue-plugin Plugin does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.
All versions up to 1.5
Unfortunately, there is no solution available yet.
2020-09-17
source |