Jean Marsault

Researcher from Wavestone
#21533 of 53,638
11.2 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2018-7136
5.4
2018-05-15
Jenkins · Jenkins · CVE-2017-2610
Name of the Vulnerable Software and Affected Versions:
Jenkins versions prior to 2.44
Jenkins version 2.32.2

Description: The issue is related to a persisted cross-site scripting in search suggestions. This occurs due to improperly escaping users with less-than and greater-than characters in their names.

Recommendations: For Jenkins versions prior to 2.44, update to version 2.44 or later. For Jenkins version 2.32.2, update to a version later than 2.32.2.
PT-2018-7139
5.8
2018-05-15
Cloudbees · Jenkins · CVE-2017-2613
Name of the Vulnerable Software and Affected Versions:
Jenkins versions prior to 2.32.2
Jenkins versions prior to 2.44

Description: The issue allows for a user creation CSRF using GET requests by administrators. This can lead to the creation of a large number of user records, although these records are typically only retained until the system restarts. Administrators' web browsers can be manipulated to create these user records.

Recommendations: For versions prior to 2.32.2, update to version 2.32.2 or later. For versions prior to 2.44, update to version 2.44 or later.