Cloudbees · Jenkins · CVE-2026-33002
**Name of the Vulnerable Software and Affected Versions**
Jenkins versions 2.442 through 2.554
Jenkins LTS versions 2.426.3 through 2.541.2
**Description**
The software does not properly validate the origin of requests made through the CLI WebSocket endpoint. It calculates the expected origin using the Host or X-Forwarded-Host HTTP request headers, which can be exploited through DNS rebinding attacks to bypass origin validation.
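To make the flaw concrete, the following Python model contrasts the two origin-check patterns the description refers to: one that derives the expected origin from the request's own Host or X-Forwarded-Host header, and one that compares the Origin header against an administrator-configured root URL that the client cannot influence. This is an added illustration, not Jenkins source code, and the root URL, hostnames and header sets are constructed for the example; Python is used only because the logic is language-independent.

```python
"""Model of an origin check for a WebSocket handshake.

Constructed illustration for the advisory above; not Jenkins's code.
The weak variant trusts the Host / X-Forwarded-Host request headers to
name the server, so a request that reached the server under some other
hostname (the situation DNS rebinding produces) carries a Host and an
Origin that agree with each other and the check passes.  The strict
variant compares Origin against a configured root URL instead.
"""
from urllib.parse import urlsplit

# Constructed administrator setting: the only origin that should be allowed.
ROOT_URL = "https://jenkins.example.internal/"

# Constructed handshake headers from a browser on the instance's real name.
LEGIT_REQUEST = {
    "Host": "jenkins.example.internal",
    "Origin": "https://jenkins.example.internal",
}

# Constructed handshake headers as seen when the browser reached the server
# under a hostname that is not its own: Host and Origin match each other,
# but neither matches ROOT_URL.
FOREIGN_NAME_REQUEST = {
    "Host": "other-name.example",
    "Origin": "https://other-name.example",
}


def expected_origin_from_host(headers, scheme="https"):
    """Weak pattern: let the request tell us what our own origin is."""
    host = headers.get("X-Forwarded-Host") or headers.get("Host", "")
    return f"{scheme}://{host}".lower()


def origin_allowed_weak(headers):
    """Origin check that trusts attacker-influenceable headers."""
    origin = headers.get("Origin")
    if not origin:
        return False
    return origin.lower() == expected_origin_from_host(headers)


def expected_origin_from_config(root_url):
    """Hardened pattern: derive the expected origin from server configuration."""
    parts = urlsplit(root_url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def origin_allowed_strict(headers, root_url):
    """Origin check that ignores Host entirely and uses the configured URL."""
    origin = headers.get("Origin")
    if not origin:
        return False
    return origin.lower() == expected_origin_from_config(root_url)


def host_mismatch(headers, root_url):
    """Detection aid: a handshake whose Host (or X-Forwarded-Host) names
    something other than the configured host is worth logging, since
    legitimate browser traffic to a correctly configured instance never does."""
    seen = (headers.get("X-Forwarded-Host") or headers.get("Host", "")).lower()
    return seen != urlsplit(root_url).netloc.lower()


if __name__ == "__main__":
    for label, req in (("legit", LEGIT_REQUEST), ("foreign-name", FOREIGN_NAME_REQUEST)):
        print(
            f"{label}: weak={origin_allowed_weak(req)} "
            f"strict={origin_allowed_strict(req, ROOT_URL)} "
            f"host_mismatch={host_mismatch(req, ROOT_URL)}"
        )
```

The weak check accepts both header sets because it compares Origin against a value computed from the same request; the strict check accepts only the request whose Origin matches the configured root URL. Until the upgrade is applied, `host_mismatch` shows the kind of signal a reverse proxy or access log review can use to spot handshakes arriving under an unexpected hostname.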
**Recommendations**
Update to a version newer than 2.554.
Update to an LTS version newer than 2.541.2.