A cross-site request forgery (CSRF) vulnerability in Jenkins Matrix Reloaded Plugin 1.1.3 and earlier allows attackers to rebuild previous matrix builds.

Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.