Jenkins 2.251 and earlier, and LTS 2.235.3 and earlier, do not escape the tooltip content of help icons. Tooltip values can be contributed by plugins, some of which use user-specified values. This results in a stored cross-site scripting (XSS) vulnerability.
Created jenkins tracking bugs for this issue: Affects: fedora-31 [bug 1874831]
External References: https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1955
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.5 Via RHSA-2020:3841 https://access.redhat.com/errata/RHSA-2020:3841
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-2229
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.4 Via RHSA-2020:4220 https://access.redhat.com/errata/RHSA-2020:4220
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 3.11 Via RHSA-2020:4223 https://access.redhat.com/errata/RHSA-2020:4223