jenkins-core is vulnerable to Cross-Site Scripting. The vulnerability is due to improper origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins…Read More
Cross-Site WebSocket Hijacking (CSWSH)
