[org.jenkins-ci.plugins:svn-partial-release-mgr] XSS vulnerability in Jenkins Subversion Partial Release Manager Plugin

Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation.

This results in a reflected cross-site scripting (XSS) vulnerability that can also be exploited similar to a stored cross-site scripting vulnerability by users with Job/Configure permission.

References

• https://nvd.nist.gov/vuln/detail/CVE-2020-2199
• https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1726
• http://www.openwall.com/lists/oss-security/2020/06/03/3
• https://github.com/advisories/GHSA-qmf3-w5jf-cv54