Autocompletion suggestions for text fields were not escaped, resulting in a persisted cross-site scripting vulnerability if the source for the suggestions allowed specifying text that includes HTML metacharacters like less-than and greater-than characters. Known previously unsafe sources for these suggestions include the names of loggers in the log recorder condition, and agent labels. External References: https://jenkins.io/security/advisory/2017-11-08/
Created jenkins tracking bugs for this issue: Affects: fedora-all [bug 1516794] Affects: openshift-1 [bug 1516795]