
Cloud Vulnerability DB
A community-led vulnerabilities database
Jenkins Subversion Release Manager Plugin version 1.2 and earlier contains a cross-site scripting (XSS) vulnerability identified as CVE-2020-2152. The vulnerability was discovered and disclosed on March 9, 2020. The issue affects the Repository URL field form validation functionality in the plugin (Jenkins Advisory, OSS Security).
The vulnerability is a reflected cross-site scripting (XSS) issue that occurs because the plugin does not properly escape error messages for the Repository URL field form validation. The vulnerability has been assigned a CVSS v3.1 Base Score of 6.1 MEDIUM (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) (NVD).
This vulnerability can be exploited in a manner similar to a stored cross-site scripting vulnerability by users with Job/Configure permission. Successful exploitation could allow attackers to execute arbitrary web script or HTML in the context of other users' browsers (Jenkins Advisory).
As of the advisory publication date, there was no fix available for this vulnerability in the Subversion Release Manager Plugin. Users should consider restricting access to the Job/Configure permission and monitoring for potential exploitation attempts (Jenkins Advisory).
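One way to do the monitoring described above is to audit saved job configurations for Repository URL values that contain HTML markup characters. The following is an added example, not code from the Jenkins project or the advisory; the element name `repositoryUrl` and the sample configurations are assumptions and must be adjusted to what a real job `config.xml` for this plugin contains.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: element name that stores the plugin's Repository URL in a job's
# config.xml. Check a real job config for the actual name.
URL_ELEMENT = "repositoryUrl"

# Characters that do not belong in a Subversion URL and matter in HTML output.
MARKUP = re.compile(r"[<>\"'`]")
XML_DECL = re.compile(r"^\s*<\?xml[^>]*\?>")


def suspicious_urls(config_xml, element=URL_ELEMENT):
    """Return Repository URL values that contain HTML markup characters."""
    # Drop the XML declaration first: Jenkins may write version 1.1, which
    # expat-based parsers can reject.
    root = ET.fromstring(XML_DECL.sub("", config_xml, count=1))
    hits = []
    for node in root.iter(element):
        value = (node.text or "").strip()
        if MARKUP.search(value):
            hits.append(value)
    return hits


def scan(configs):
    """Map job name -> flagged values; unparseable configs are reported too."""
    report = {}
    for job, xml_text in configs.items():
        try:
            hits = suspicious_urls(xml_text)
        except ET.ParseError as exc:
            report[job] = [f"unparseable config: {exc}"]
            continue
        if hits:
            report[job] = hits
    return report


SAMPLE_CONFIGS = {  # constructed sample data, not from a real Jenkins instance
    "clean-job": "<?xml version='1.1' encoding='UTF-8'?>\n<project><repositoryUrl>"
                 "https://svn.example.invalid/repo/trunk</repositoryUrl></project>",
    "flagged-job": "<project><repositoryUrl>https://svn.example.invalid/x"
                   "&lt;script&gt;alert(1)&lt;/script&gt;</repositoryUrl></project>",
    "broken-job": "<project><repositoryUrl>",
}

if __name__ == "__main__":
    for job, findings in scan(SAMPLE_CONFIGS).items():
        print(job, findings)
```

A flagged job is a prompt to review who last changed its configuration, not proof of exploitation.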
The vulnerability was discovered and reported by Wadeck Follonier of CloudBees, Inc., indicating active security research within the Jenkins ecosystem (Jenkins Advisory).
Source: This report was generated using AI