Matrix Project Plugin 1.16 and earlier does not escape node names shown in tooltips on the overview page of builds with a single axis. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Agent/Configure permission. References: https://www.jenkins.io/security/advisory/2020-07-15/
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.5 Via RHSA-2020:3453 https://access.redhat.com/errata/RHSA-2020:3453
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-2224
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 3.11 Via RHSA-2020:3541 https://access.redhat.com/errata/RHSA-2020:3541
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.4 Via RHSA-2020:3625 https://access.redhat.com/errata/RHSA-2020:3625
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.3 Via RHSA-2020:4265 https://access.redhat.com/errata/RHSA-2020:4265