CVE-2020-2214

Jenkins ZAP Pipeline Plugin 1.9 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

GHSA-4C87-9XQ5-5C35 Content-Security-Policy protection for user content disabled by Jenkins ZAP Pipeline Plugin

Jenkins sets the Content-Security-Policy header to static files served by Jenkins specifically DirectoryBrowserSupport, such as workspaces, /userContent, or archived artifacts. ZAP Pipeline Plugin prior to 1.10 globally disables the Content-Security-Policy header for static files served by Jenkin...

CVE-2020-2214

Jenkins ZAP Pipeline Plugin 1.9 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

CVE-2020-2214

Jenkins ZAP Pipeline Plugin 1.9 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

PT-2020-15429 · Jenkins · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins ZAP Pipeline Plugin versions 1.9 and earlier Jenkins versions prior to 2.228 excluding 2.227 and older, 2.204.5 and older, due to different security concerns Jenkins versions 2.228 through 2.230 Jenkins 2.222.x LTS versions Jenkins...