jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin may approve unsandboxed scripts

A flaw was found in the Jenkins Folders Plugin. Affected versions of this plugin allow attackers to copy folders...

CVE-2017-1000386

Jenkins Active Choices plugin version 1.5.3 and earlier allowed users with Job/Configure permission to provide arbitrary HTML to be shown on the 'Build With Parameters' page through the 'Active Choices Reactive Reference Parameter' type. This could include, for example, arbitrary JavaScript. Acti...