Cloudbees · Jenkins · CVE-2016-3726
**Name of the Vulnerable Software and Affected Versions**
Jenkins versions prior to 2.3
Jenkins LTS versions prior to 1.651.2
**Description**
The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to scheme-relative URLs.
**Recommendations**
For Jenkins versions prior to 2.3, update to version 2.3 or later.
For Jenkins LTS versions prior to 1.651.2, update to version 1.651.2 or later.