SECURITY-95 is considered medium as it allows low-privilege users to perform limited XSS in certain configurations. SECURITY-225 is considered high as it allows unprivileged attackers to perform some administrative actions via CSRF. SECURITY-233 is considered high as it allows unprivileged attackers to circumvent CSRF protection. SECURITY-234 is considered high as it allows attackers able to manipulate the network path between Jenkins and the update site to install and run arbitrary code on Jenkins. I updated the ebuilds in both slots and removed the vulnerable versions.
great job. closing as noglsa