Cloudbees · Jenkins · CVE-2017-2601
Name of the Vulnerable Software and Affected Versions:
Jenkins versions prior to 2.44
Jenkins versions prior to 2.32.2
Description:
The issue concerns a persisted cross-site scripting vulnerability in parameter names and descriptions. Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions.
Recommendations:
For versions prior to 2.44, update to version 2.44 or later.
For versions prior to 2.32.2, update to version 2.32.2 or later.