[org.jenkins-ci.main:jenkins-core] Stored XSS vulnerability in Jenkins job build time trend

Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability.

Jenkins 2.245, LTS 2.235.2 escapes the agent name.

References

• https://nvd.nist.gov/vuln/detail/CVE-2020-2220
• https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1868
• http://www.openwall.com/lists/oss-security/2020/07/15/5
• https://github.com/advisories/GHSA-qgj4-rc8m-44mq