Plastunov Andrey

**Name of the Vulnerable Software and Affected Versions** Jenkins versions prior to 1.640 Jenkins LTS versions prior to 1.625.2 **Description** A cross-site request forgery issue allows remote attackers to hijack the authentication of administrators. This is achieved through vectors related to the HTTP GET method, although the specific impact of these requests is not detailed. **Recommendations** For Jenkins versions prior to 1.640, update to version 1.640 or later. For Jenkins LTS versions prior to 1.625.2, update to version 1.625.2 or later.

**Name of the Vulnerable Software and Affected Versions** Jenkins versions prior to 1.640 Jenkins LTS versions prior to 1.625.2 **Description** The issue allows remote attackers to bypass the CSRF protection mechanism. **Recommendations** For Jenkins versions prior to 1.640, update to version 1.640 or later. For Jenkins LTS versions prior to 1.625.2, update to version 1.625.2 or later.

**Name of the Vulnerable Software and Affected Versions** Jenkins versions prior to 1.638 Jenkins LTS versions prior to 1.625.2 **Description** A cross-site scripting (XSS) issue exists in the slave overview page, allowing remote authenticated users with specific permissions to inject arbitrary web script or HTML via the slave offline status message. **Recommendations** For Jenkins versions prior to 1.638, update to version 1.638 or later. For Jenkins LTS versions prior to 1.625.2, update to version 1.625.2 or later.