Cloudbees · Jenkins · CVE-2012-4440
**Name of the Vulnerable Software and Affected Versions**
Jenkins versions prior to 1.482
Jenkins LTS versions prior to 1.466.2
**Description**
A cross-site scripting (XSS) vulnerability in the Violations plugin allows remote attackers to inject arbitrary web script or HTML.
**Recommendations**
For Jenkins versions prior to 1.482, update to version 1.482 or later.
For Jenkins LTS versions prior to 1.466.2, update to version 1.466.2 or later.