Description
Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not escape content coming from MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.
Remediation
References
https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1771
http://www.openwall.com/lists/oss-security/2020/07/02/7