CVE-2016-3101

Name of the Vulnerable Software and Affected Versions Jenkins Extra Columns plugin versions prior to 1.17

Description A cross-site scripting (XSS) issue exists due to the failure to filter tool tips through the configured markup formatter, allowing remote attackers to inject arbitrary web script or HTML.

Recommendations For versions prior to 1.17, update to version 1.17 or later to resolve the issue. As a temporary workaround, consider restricting access to the Extra Columns plugin until the update is applied.