A vulnerability was found in Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability. Reference: http://www.openwall.com/lists/oss-security/2020/06/03/3
External References: https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1866
Hello Team, Script Security Plugin has already been already updated to 1.73 and doesn't need an update. Regards, Vibhav
Putting it back to new, updated by mistake. Meant to update for 3.11 earlier.
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.5 Via RHSA-2020:3207 https://access.redhat.com/errata/RHSA-2020:3207
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-2190
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.4 Via RHSA-2020:3625 https://access.redhat.com/errata/RHSA-2020:3625