Description
Jenkins Link Column Plugin 1.0 and earlier does not filter URLs of links created by users with View/Configure permission, resulting in a stored cross-site scripting vulnerability.
Remediation
References
https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1803
http://www.openwall.com/lists/oss-security/2020/07/02/7
Related Vulnerabilities
CVE-2018-1273 Vulnerability in maven package org.springframework.data:spring-data-commons
CVE-2015-8862 Vulnerability in maven package org.webjars.bower:mustache
CVE-2023-36542 Vulnerability in maven package org.apache.nifi:nifi-cdc-mysql-processors
CVE-2021-36374 Vulnerability in maven package org.apache.ant:ant