Description
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Content-Security-Policy headers for files uploaded as file parameters to a build, resulting in a stored XSS vulnerability.
Remediation
References
Related Vulnerabilities
Atlassian Jira Incorrect Authorization Vulnerability (CVE-2019-8446)
Joomla! Core 3.x.x Information Disclosure (3.7.0 - 3.8.1)
WordPress Plugin RestroPress-Online Food Ordering System Security Bypass (2.8.3)
WordPress Plugin Sermon Browser Cross-Site Scripting and SQL Injection Vulnerabilities (0.43)
Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-2058)