CVE-2023-35141: In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu. Please bump.
jenkins-bin 2.410 has been added and vulnerable versions have been removed.
Thanks!