Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability.
The information has been provided by Vendor
The original article can be found at https://www.jenkins.io/security/advisory/2020-03-09/#SECURITY-1723
This results in a stored cross-site scripting vulnerability that can be exploited by users with Job/Configure permission.
Git Plugin 4.2.0
Published Date: 03/06/2020