[org.biouno:uno-choice] Stored XSS vulnerability in Jenkins Active Choices Plugin

Active Choices Plugin 2.4 and earlier does not escape List and Map return values of sandboxed scripts for Reactive Reference Parameter.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

This issue is caused by an incomplete fix for SECURITY-470.

Active Choices Plugin 2.5 escapes all legal return values of sandboxed scripts.

References

• https://nvd.nist.gov/vuln/detail/CVE-2020-2290
• https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-2008
• http://www.openwall.com/lists/oss-security/2020/10/08/5
• https://github.com/advisories/GHSA-rjch-j5x9-fgph