Cloudbees · Jenkins · CVE-2016-0789
**Name of the Vulnerable Software and Affected Versions**
Jenkins versions prior to 1.650
Jenkins LTS versions prior to 1.642.2
**Description**
The issue allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.
**Recommendations**
For Jenkins versions prior to 1.650, update to version 1.650 or later.
For Jenkins LTS versions prior to 1.642.2, update to version 1.642.2 or later.