Description
Jenkins Brakeman Plugin 0.12 and earlier did not escape values received from parsed JSON files when rendering them, resulting in a stored cross-site scripting vulnerability exploitable by users able to control the Brakeman post-build step input data.
Remediation
References
https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1644
http://www.openwall.com/lists/oss-security/2020/02/12/3
Related Vulnerabilities
CVE-2022-36090 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore
CVE-2019-10467 Vulnerability in maven package org.jenkins-ci.plugins:sonar-gerrit
CVE-2022-23539 Vulnerability in maven package org.webjars.npm:jsonwebtoken
CVE-2022-21222 Vulnerability in npm package css-what
CVE-2023-30331 Vulnerability in maven package com.ibeetl:beetl