The vulnerability in the Jenkins Red Hat Dependency Analytics plugin, caused by improper handling of input when generating web pages, allows attackers who control files in workspaces to carry out XSS attacks.
The vulnerability in the Jenkins Red Hat Dependency Analytics plugin stems from the absence of Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. Exploiting this vulnerability allows a malicious actor to...
GHSA-X22X-5PP9-8V7F Content-Security-Policy disabled by Red Hat Dependency Analytics Jenkins Plugin
Jenkins sets the Content-Security-Policy header on static files served by Jenkins (specifically DirectoryBrowserSupport), such as workspaces, /userContent, or archived artifacts, unless a Resource Root URL is specified. Red Hat Dependency Analytics Plugin 0.7.1 and earlier globally disables the...
CVE-2024-23905
Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
Design/Logic Flaw
Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
CVE-2024-23905
CVE-2024-23905. Affected software: Jenkins Red Hat Dependency Analytics Plugin, version 0.7.1 and earlier. Root cause (as described): the plugin programmatically disables the Content-Security-Policy (CSP) header for user-generated content in workspaces, archived artifacts, and simil...
PT-2024-2759 · Red Hat · Jenkins Red Hat Dependency Analytics Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Red Hat Dependency Analytics Plugin versions 0.7.1 and earlier Description: The issue is related to the lack of Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers...
Jenkins plugins Multiple Vulnerabilities (2024-01-24)
According to their self-reported version numbers, the versions of the Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Git server Plugin 99.va0826abcdfad and earlier does not disable a feature of its command parser that replaces an '@' character...