CVE-2017-17383

Name of the Vulnerable Software and Affected Versions Jenkins versions prior to 2.94

Description The issue allows remote authenticated administrators to conduct cross-site scripting (XSS) attacks by crafting a tool name in a job configuration form. This can be demonstrated using the JDK tool in Jenkins core and the Ant tool in the Ant plugin.

Recommendations For versions prior to 2.94, update to version 2.94 or later to resolve the issue. As a temporary workaround, consider restricting access to job configuration forms to minimize the risk of exploitation.