Cloudbees · Jenkins · CVE-2017-17383
**Name of the Vulnerable Software and Affected Versions**
Jenkins versions prior to 2.94
**Description**
The issue allows remote authenticated administrators to conduct cross-site scripting (XSS) attacks by crafting a tool name in a job configuration form. This can be demonstrated using the JDK tool in Jenkins core and the Ant tool in the Ant plugin.
**Recommendations**
For versions prior to 2.94, update to version 2.94 or later to resolve the issue. As a temporary workaround, consider restricting access to job configuration forms to minimize the risk of exploitation.
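An audit check to accompany the recommendations above, as an added example that is not part of the advisory or of Jenkins itself: it flags a Jenkins version below 2.94 and lists tool names containing HTML metacharacters. The XML layout of the sample configuration, the `name` plus `home` heuristic for spotting tool installations, and all function names are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

FIXED = (2, 94)  # first fixed version according to the advisory
HTML_META = re.compile(r"[<>\"'&]")  # characters with meaning in HTML output

# Constructed sample configuration; the element layout is an assumption.
SAMPLE_CONFIG = """<hudson>
  <version>2.89</version>
  <jdks>
    <jdk><name>jdk8</name><home>/opt/jdk8</home></jdk>
    <jdk><name>jdk9&lt;b&gt;test&lt;/b&gt;</name><home>/opt/jdk9</home></jdk>
  </jdks>
</hudson>"""


def parse_version(text):
    """Turn '2.89.4' or '2.93-SNAPSHOT' into a comparable tuple of ints."""
    return tuple(int(p) for p in re.findall(r"\d+", text.split("-")[0]))


def is_affected(version_text):
    """True when the version is older than the fixed release 2.94."""
    return parse_version(version_text) < FIXED


def suspicious_tool_names(config_xml):
    """Return tool names that contain HTML metacharacters.

    Assumption: a tool installation is any element that has both a
    <name> and a <home> child, which covers the JDK entries in the sample.
    """
    hits = []
    for element in ET.fromstring(config_xml).iter():
        name = element.find("name")
        if name is None or element.find("home") is None:
            continue
        if name.text and HTML_META.search(name.text):
            hits.append(name.text)
    return hits


def audit(config_xml):
    """Combine the version check and the tool-name review for one config."""
    version = ET.fromstring(config_xml).findtext("version", default="0")
    return {"affected": is_affected(version),
            "suspicious_names": suspicious_tool_names(config_xml)}


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```
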