Jenkins Security Advisory 2012-09-17 The second vulnerability in Jenkins core is a cross-site scripting vulnerability. This allows an attacker to craft a URL that points to Jenkins, and if a legitimate user clicks this link, the attacker will be able to hijack the user session. The following versions incorporate fixes to the vulnerabilities found in the Jenkins core. -Main line users should upgrade to Jenkins 1.482 -LTS users should upgrade to 1.466.2 External reference: http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-09-17.cb