CVE-2020-2122: 
Java vulnerability analysis and mitigation

CVE-2020-2122 affects the Jenkins Brakeman Plugin versions 0.12 and earlier. The vulnerability was discovered and disclosed on February 12, 2020. This security issue involves a stored cross-site scripting (XSS) vulnerability where values received from parsed JSON files were not properly escaped when rendering them (Jenkins Advisory, NVD).

The vulnerability is classified as a stored cross-site scripting (XSS) issue with a medium severity CVSS rating. The security flaw occurs when the plugin processes JSON files and renders their values without proper escaping, which could allow malicious content to be stored and executed (Jenkins Advisory).

This vulnerability can be exploited by users who have the ability to control the Brakeman post-build step input data. When successfully exploited, it allows for stored cross-site scripting attacks, potentially leading to session hijacking, malicious page modifications, or other client-side attacks (Jenkins Advisory).

The issue has been fixed in Brakeman Plugin version 0.13, which properly escapes affected values from the parsed file as they are recorded. It's important to note that this fix is only applied to newly recorded data after installing the fixed version; historical data may still contain unsafe values. Users are advised to upgrade to version 0.13 or later (Jenkins Advisory).