9 matches found
Content-Security-Policy disabled by Red Hat Dependency Analytics Jenkins Plugin
Jenkins sets the Content-Security-Policy header on static files served by Jenkins (specifically DirectoryBrowserSupport), such as workspaces, /userContent, or archived artifacts, unless a Resource Root URL is specified. Red Hat Dependency Analytics Plugin 0.7.1 and earlier globally disables the...
GHSA-X22X-5PP9-8V7F Content-Security-Policy disabled by Red Hat Dependency Analytics Jenkins Plugin
Jenkins sets the Content-Security-Policy header on static files served by Jenkins (specifically DirectoryBrowserSupport), such as workspaces, /userContent, or archived artifacts, unless a Resource Root URL is specified. Red Hat Dependency Analytics Plugin 0.7.1 and earlier globally disables the...
CVE-2024-23905
Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
CVE-2024-23905
Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
Design/Logic Flaw
Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
CVE-2024-23905
CVE-2024-23905. Affected software: Jenkins Red Hat Dependency Analytics Plugin, version 0.7.1 and earlier. Root cause (as described): the plugin programmatically disables the Content-Security-Policy (CSP) header for user-generated content in workspaces, archived artifacts, and simil...
CVE-2024-23905
Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
PT-2024-2759 · Red Hat +2 · Jenkins Red Hat Dependency Analytics Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins Red Hat Dependency Analytics Plugin versions 0.7.1 and earlier Description: The issue is related to the lack of Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers...
Jenkins plugins Multiple Vulnerabilities (2024-01-24)
According to their self-reported version numbers, the versions of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Git server Plugin 99.va0826abcdfad and earlier does not disable a feature of its command parser that replaces an '@' character...