Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability.
{ "cpes": [ "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*" ], "severity": "Medium" }