This advisory announces vulnerabilities in these Jenkins plugins:
Reflected Cross-Site Scripting vulnerability in Delivery Pipeline plugin
SECURITY-640 / CVE-2017-1000404
Delivery Pipeline Plugin used the unescaped content of the query parameter fullscreen in its JavaScript, resulting in a cross-site scripting vulnerability through specially crafted URLs.
The plugin now converts the value to a boolean (true/false) and inserts that into the page instead.
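
The fix described above, as an added example that is not the plugin's own code: a small Node.js sketch in which a page template places the fullscreen query parameter into an inline script, first unescaped and then coerced to a boolean. The function names, the emitted variable name and the jenkins.example URLs are assumptions made for illustration.

```javascript
// Added illustration, not the Delivery Pipeline Plugin's source.
// renderUnsafe, renderSafe and the emitted `var fullscreen` are hypothetical.

// Before: the raw query value is concatenated into an inline script.
function renderUnsafe(requestUrl) {
  const raw = new URL(requestUrl).searchParams.get('fullscreen') ?? 'false';
  return `<script>var fullscreen = ${raw};</script>`;
}

// After: the value is coerced to a boolean first, so only the literals
// true or false can ever reach the page.
function toBoolean(raw) {
  return raw !== null && raw.toLowerCase() === 'true';
}

function renderSafe(requestUrl) {
  const raw = new URL(requestUrl).searchParams.get('fullscreen');
  return `<script>var fullscreen = ${toBoolean(raw)};</script>`;
}

// The only two outputs a correct template can produce for this parameter.
const ALLOWED = new Set([
  '<script>var fullscreen = true;</script>',
  '<script>var fullscreen = false;</script>',
]);

// Constructed sample requests (hypothetical host and path).
const SAMPLES = [
  'https://jenkins.example/view/pipeline/?fullscreen=true',
  'https://jenkins.example/view/pipeline/?fullscreen=false',
  'https://jenkins.example/view/pipeline/',
  // Crafted value that appends a statement setting a harmless marker.
  'https://jenkins.example/view/pipeline/?fullscreen=false;window.injectedMarker=1',
];

// Returns, per sample, whether the rendered script is one of the allowed forms.
function audit(render) {
  return SAMPLES.map((url) => ALLOWED.has(render(url)));
}

console.log('unescaped:', audit(renderUnsafe));
console.log('boolean  :', audit(renderSafe));
```

The same allow-list comparison works as a regression test for any template that reflects a flag-style parameter: the rendered output must be one of a fixed set of strings regardless of input.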