CVE-2020-2290
CVE-2020-2290 affects Jenkins Active Choices Plugin 2.4 and earlier. The vulnerability arises because some return values of sandboxed scripts for Reactive Reference Parameters (notably List and Map) are not escaped, enabling stored XSS. Exploitation requires Job/Configure permission. The issue is...