
5 matches found

OSV
added 2022/10/19 7:0 p.m., 29 views

GHSA-7RRJ-HQV6-FVPP Content-Security-Policy protection for user content can be disabled in Jenkins 360 FireLine Plugin

Jenkins sets the Content-Security-Policy header to static files served by Jenkins (specifically DirectoryBrowserSupport), such as workspaces, /userContent, or archived artifacts, unless a Resource Root URL is specified. 360 FireLine Plugin 1.7.2 and earlier globally disables the...

CVSS 8, AI score 5.2, EPSS 0.01497
Exploits 0, References 4

Github Security Blog
added 2022/10/19 7:0 p.m., 39 views

Content-Security-Policy protection for user content can be disabled in Jenkins 360 FireLine Plugin

Jenkins sets the Content-Security-Policy header to static files served by Jenkins (specifically DirectoryBrowserSupport), such as workspaces, /userContent, or archived artifacts, unless a Resource Root URL is specified. 360 FireLine Plugin 1.7.2 and earlier globally disables the...

CVSS 5.3, AI score 5.3, EPSS 0.01497
Exploits 0, References 4, Affected Software 1

OSV
added 2022/05/24 4:59 p.m., 14 views

GHSA-346G-JRX9-JGF4 Jenkins 360 FireLine Plugin vulnerable to XML External Entity Reference

An XML external entities (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks. Note: Jenkins ha...

CVSS 8.1, AI score 8, EPSS 0.00124
Exploits 0, References 4

Cvelist
added 2019/10/23 12:45 p.m., 15 views

CVE-2019-10466

An XML external entities (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks...

AI score 8.1, EPSS 0.00124
Exploits 0, References 2

CVE
added 2019/10/23 12:45 p.m., 67 views

CVE-2019-10466

CVE-2019-10466 is an XXE vulnerability in the Jenkins 360 FireLine Plugin. The issue arises when an attacker with Overall/Read access can cause Jenkins to resolve external entities, enabling extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service. Public re...

CVSS 8.1, AI score 8, EPSS 0.00124
Exploits 0, References 2, Affected Software 1