The host is installed with Jenkins rolling release 2.367 through 2.369 is prone to a cross-site scripting vulnerability. The flaw is present in the application, which fails to properly handle tooltips of the l:helpIcon UI component used for some help icons. Successful exploitation could allow attackers to control tooltips for this component.