Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Content-Security-Policy headers for files uploaded as file parameters to a build, resulting in a stored XSS vulnerability.

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Content-Security-Policy headers for files uploaded as file parameters to a build, resulting in a stored XSS vulnerability.

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Conten ...

Improper Neutralization of Input During Web Page Generation in Jenkins

Уязвимость сервера автоматизации Jenkins, связанная с отсутствием HTTP-заголовков Content-Security-Policy, позволяющая нарушителю осуществлять межсайтовые сценарные атаки (XSS)