GHSA-PX4X-HJM5-W8X3 Content-Security-Policy protection for user content disabled by Jenkins XFramium Builder Plugin

Jenkins sets the Content-Security-Policy header to static files served by Jenkins specifically DirectoryBrowserSupport, such as workspaces, /userContent, or archived artifacts, unless a Resource Root URL is specified. XFramium Builder Plugin 1.0.22 and earlier globally disables the...

GHSA-CVXJ-4745-843X Content-Security-Policy protection for user content disabled by Jenkins ScreenRecorder Plugin

Jenkins sets the Content-Security-Policy header to static files served by Jenkins specifically DirectoryBrowserSupport, such as workspaces, /userContent, or archived artifacts, unless a Resource Root URL is specified. ScreenRecorder Plugin 0.7 and earlier programmatically updates the Java system...

Content-Security-Policy protection for user content disabled by Jenkins ScreenRecorder Plugin

Jenkins sets the Content-Security-Policy header to static files served by Jenkins specifically DirectoryBrowserSupport, such as workspaces, /userContent, or archived artifacts, unless a Resource Root URL is specified. ScreenRecorder Plugin 0.7 and earlier programmatically updates the Java system...

Content-Security-Policy protection for user content disabled by Jenkins XFramium Builder Plugin

Jenkins sets the Content-Security-Policy header to static files served by Jenkins specifically DirectoryBrowserSupport, such as workspaces, /userContent, or archived artifacts, unless a Resource Root URL is specified. XFramium Builder Plugin 1.0.22 and earlier globally disables the...

GHSA-7RRJ-HQV6-FVPP Content-Security-Policy protection for user content can be disabled in Jenkins 360 FireLine Plugin

Jenkins sets the Content-Security-Policy header to static files served by Jenkins specifically DirectoryBrowserSupport, such as workspaces, /userContent, or archived artifacts, unless a Resource Root URL is specified. 360 FireLine Plugin 1.7.2 and earlier globally disables the...

Content-Security-Policy protection for user content disabled by Jenkins NeuVector Vulnerability Scanner Plugin

Jenkins sets the Content-Security-Policy header to static files served by Jenkins specifically DirectoryBrowserSupport, such as workspaces, /userContent, or archived artifacts, unless a Resource Root URL is specified. NeuVector Vulnerability Scanner Plugin 1.20 and earlier globally disables the...

Content-Security-Policy protection for user content can be disabled in Jenkins 360 FireLine Plugin

Jenkins sets the Content-Security-Policy header to static files served by Jenkins specifically DirectoryBrowserSupport, such as workspaces, /userContent, or archived artifacts, unless a Resource Root URL is specified. 360 FireLine Plugin 1.7.2 and earlier globally disables the...

PT-2022-26917 · Jenkins · Jenkins Screenrecorder Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins ScreenRecorder Plugin versions 0.7 and earlier Description: The issue concerns the Jenkins ScreenRecorder Plugin, which programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived...

Content-Security-Policy protection for user content disabled by Jenkins ZAP Pipeline Plugin

Jenkins sets the Content-Security-Policy header to static files served by Jenkins specifically DirectoryBrowserSupport, such as workspaces, /userContent, or archived artifacts. ZAP Pipeline Plugin prior to 1.10 globally disables the Content-Security-Policy header for static files served by Jenkin...

GHSA-4C87-9XQ5-5C35 Content-Security-Policy protection for user content disabled by Jenkins ZAP Pipeline Plugin

Jenkins sets the Content-Security-Policy header to static files served by Jenkins specifically DirectoryBrowserSupport, such as workspaces, /userContent, or archived artifacts. ZAP Pipeline Plugin prior to 1.10 globally disables the Content-Security-Policy header for static files served by Jenkin...