Hi there, Thanks for the info.
Which pages are you seeing on Jenkins where this Javascript file is used, or where a Flash Player is embedded?
Regards, Chris On 03/02/15 15:48, Wt Riker wrote:
I found a vulnerability in flash player but it was simple enough to resolve myself. However this should be added to the next release. In the javascript file: .jenkins/war/scripts/yui/connection/connection-min.js This line: <param name="allowScriptAccess" value="always"> Needs to be changed to: <param name="allowScriptAccess" value="sameDomain"> This vulnerability makes it possible to steal or manipulate session cookies which might be used to impersonate a legitimate user.
-- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/54D0E3FD.2070308%40orr.me.uk. For more options, visit https://groups.google.com/d/optout.
