Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to control button labels.
{
"cpe": [
"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
"cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*"
],
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "2.263.1"
},
{
"last_affected": "2.274"
}
]
}