CVE-2022-20615
maven/org.jenkins-ci.plugins/matrix-project
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Jenkins Matrix Project Plugin does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure
permission.
All versions up to 1.19
Unfortunately, there is no solution available yet.
2022-01-19
source |