Hi there, Thanks for the info.
Which pages are you seeing on Jenkins where this Javascript file is used, or where a Flash Player is embedded?
Regards, Chris On 03/02/15 15:48, Wt Riker wrote:
I found a vulnerability in flash player but it was simple enough to resolve myself. However this should be added to the next release. In the javascript file: .jenkins/war/scripts/yui/connection/connection-min.js This line: <param name="allowScriptAccess" value="always"> Needs to be changed to: <param name="allowScriptAccess" value="sameDomain"> This vulnerability makes it possible to steal or manipulate session cookies which might be used to impersonate a legitimate user.
-- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/54D0E3FD.2070308%40orr.me.uk. For more options, visit https://groups.google.com/d/optout.
