Description
Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts.
Remediation
References
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09
Related Vulnerabilities
CVE-2020-7238 Vulnerability in maven package io.netty:netty-all
CVE-2016-6812 Vulnerability in maven package org.apache.cxf:cxf-rt-transports-http
CVE-2020-11022 Vulnerability in maven package org.webjars:jquery
CVE-2020-1695 Vulnerability in maven package org.jboss.resteasy:resteasy-core
CVE-2020-2218 Vulnerability in maven package org.jenkins-ci.plugins:hp-quality-center