jenkins: Multiple vulnerabilities (CVE-2020-2229, CVE-2020-2230, CVE-2020-2231)
CVE-2020-2229: Stored XSS vulnerability in help icons.
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons. Tooltip values can be contributed by plugins, some of which use user-specified values.
CVE-2020-2230: Stored XSS vulnerability in project naming strategy.
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description that is displayed on item creation.
CVE-2020-2231: Stored XSS vulnerability in 'Trigger builds remotely’.
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely'.