Description
Jenkins 2.227 and earlier, and LTS 2.204.5 and earlier, do not set Content-Security-Policy headers for files uploaded as file parameters to a build, resulting in a stored XSS vulnerability.
Remediation
References