Description
Jenkins 2.244 and earlier, and LTS 2.235.1 and earlier, do not escape the job name in the 'Keep this build forever' badge tooltip, resulting in a stored cross-site scripting vulnerability.
Remediation
References
Related Vulnerabilities
Jboss EAP CVE-2018-1304 Vulnerability (CVE-2018-1304)
MediaWiki Improper Access Control Vulnerability (CVE-2016-6336)
ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-1499)
WordPress Plugin Slider by 10Web-Responsive Image Slider Cross-Site Request Forgery (1.2.22)
Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-3056)