Cross-Site Scripting Vulnerability in Jenkins Cucumber Living Documentation Plugin 1.0.12 and Older

Cross-Site Scripting Vulnerability in Jenkins Cucumber Living Documentation Plugin 1.0.12 and Older

CVE-2018-1000144 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

A cross site scripting vulnerability exists in Jenkins Cucumber Living Documentation Plugin 1.0.12 and older in CukedoctorBaseAction#doDynamic that disables the Content-Security-Policy protection for archived artifacts and workspace files, allowing attackers able to control the content of these files to attack Jenkins users.

Learn more about our Cis Benchmark Audit For Google Workspace.