We have noticed if we change the host header in HTTP request for Jenkins and fire the request then Jenkins is vulnerable through http host header injection.
Change the Jenkins request host header to say xyz.com, then it successfully redirects to xyz.com. How do we address this vulnerability of Jenkins? -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/3706acc8-6a71-4a69-b17b-ec2f35ec1ed6n%40googlegroups.com.
