Description
Jenkins 2.244 and earlier, and LTS 2.235.1 and earlier, do not escape the job name in the 'Keep this build forever' badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability.
Remediation
References