Customizing Content Security Policy. It is strongly recommended to set up the Resource Root URL instead of customizing Content-Security-Policy. Most of ...
CSRF Protection. Note: API tokens are preferred ... Authentication (basic and API token via property or environment variable) ... URL is a Jenkins URL. ⇐ Change ...
Jan 24, 2024 · The "Resource Root URL" functionality is enabled (see documentation). Attackers can retrieve binary secrets (see note below). The attacker needs ...
Jul 12, 2023 · This vulnerability allows attackers to have Jenkins connect to an attacker-specified URL, capturing a newly generated JCLI token that allows ...
UNPROCESSED_PATHINFO to true. As an additional safeguard, semicolon (;) characters in the path part of a URL are now banned by default. Administrators can ...
Aug 16, 2023 · This vulnerability allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified ...
Sep 6, 2023 · ... URL, when rendering an error message. This results in an HTML injection vulnerability. Since Jenkins 2.275 and LTS 2.263.2, a security ...
Document Jenkins on Kubernetes ... CSRF Protection · Rendering User Content · Access ... Once set, Jenkins will only serve resource URL requests via the resource ...
May 17, 2022 · This allows attackers with Overall/Read permission to send requests to an attacker-specified URL. Additionally, these endpoints do not require ...
Scripts that obtain a crumb using the /crumbIssuer/api URL will now fail to perform actions protected from CSRF unless the scripts retain the web session ID in ...