Jenkins Continuous Integration with Toad Edge Plugin 2.3 and previous versions does not apply Content-Security-Policy headers to report files it serves, resulting in a stored cross-site scripting (XSS) exploitable by attackers with Item/Configure permission or otherwise able to control report contents.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
jenkins continuous integration with toad edge |