2 matches found
CVE-2020-2214
Jenkins ZAP Pipeline Plugin 1.9 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
CVE-2020-2214
CVE-2020-2214: Jenkins ZAP Pipeline Plugin ≤1.9 disables Content-Security-Policy for user-generated content in workspaces, archived artifacts, and related download paths, enabling cross-site scripting risks. Affected software spans the ZAP Pipeline Plugin (1.9 and earlier) and various Jenkins ver...