Antoine Musso

#20089 of 53,632
12.9 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2021-15140
7.5
2021-02-17
Jetty · Jetty · CVE-2021-22553
**Name of the Vulnerable Software and Affected Versions**

Gerrit (affected versions not specified)

**Description**

The issue arises when any git operation is passed through Jetty, creating a session without an expiry date. Since Jetty does not automatically dispose of the session, multiple git actions can lead to heap memory exhaustion for Gerrit servers.

**Recommendations**

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2016-3803
5.4
2016-02-03
Cloudbees · Jenkins · CVE-2015-7536
**Name of the Vulnerable Software and Affected Versions**

Jenkins versions prior to 1.640

Jenkins LTS versions prior to 1.625.2

**Description**

A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts.

**Recommendations**

For Jenkins versions prior to 1.640, update to version 1.640 or later.

For Jenkins LTS versions prior to 1.625.2, update to version 1.625.2 or later.