The following flaw was found in Jenkins: Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions. External References: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2017-02-01 Upstream patch: https://github.com/jenkinsci/jenkins/commit/fd2e081b947124c90bcd97bfc55e1a7f2ef41a74
Created jenkins tracking bugs for this issue: Affects: fedora-all [bug 1418736]