Cloudbees · Jenkins · CVE-2015-7536
**Name of the Vulnerable Software and Affected Versions**
Jenkins versions prior to 1.640
Jenkins LTS versions prior to 1.625.2
**Description**
A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts.
**Recommendations**
For Jenkins versions prior to 1.640, update to version 1.640 or later.
For Jenkins LTS versions prior to 1.625.2, update to version 1.625.2 or later.