Jonathan Bell

**Name of the Vulnerable Software and Affected Versions** Jenkins versions 2.196 and earlier Jenkins LTS versions 2.176.3 and earlier **Description** The issue results from a lack of restriction or filtering on values set as the Jenkins URL in the global configuration, leading to a stored XSS vulnerability. This can be exploited by attackers with Overall/Administer permission. **Recommendations** For Jenkins versions 2.196 and earlier, update to a version that includes the fix for this issue. For Jenkins LTS versions 2.176.3 and earlier, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.