CVE-2020-2163: 
Java vulnerability analysis and mitigation

CVE-2020-2163 is a stored Cross-Site Scripting (XSS) vulnerability discovered in Jenkins versions 2.227 and earlier, and LTS 2.204.5 and earlier. The vulnerability was disclosed on March 25, 2020, and affects the way Jenkins processes HTML content in list view column headers (Jenkins Advisory, NVD).

The vulnerability stems from Jenkins improperly processing HTML embedded in list view column headers. This vulnerability has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. The issue affects several plugins that allow users to define column headers, including Warnings NG, Maven Info, and Link Column plugins (Jenkins Advisory).

When exploited, this vulnerability allows attackers to execute stored cross-site scripting attacks through the column headers. The vulnerability is exploitable by users who have the ability to control column header content, potentially leading to unauthorized access to sensitive information or execution of malicious code in the context of other users' browsers (Jenkins Advisory).

The vulnerability was fixed in Jenkins weekly version 2.228 and LTS versions 2.204.6 and 2.222.1. The fix prevents Jenkins from processing HTML embedded in list view column headers. Users are strongly advised to upgrade to these versions or later to mitigate the vulnerability (Jenkins Advisory).