2022-06-22 14:40:53
jenkins
PUBLISHED
In Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons unescape previously escaped values of tooltip parameters, resulting in a cross-site scripting (XSS) vulnerability.