Hello,

Thanks for your report. I will let the Jenkins security team members comment on that. Just for your information, we have an official process for reporting security vulnerabilities. I highly recommend following this process. Please see https://www.jenkins.io/security/#reporting-vulnerabilities

Best regards,
Oleg Nenashev

On Sunday, May 30, 2021 at 3:05:00 AM UTC+2 [email protected] wrote:

> Our web scans show an out-of-date version (YUI) vulnerability. I'm not able
> to find anything on how to remediate this finding. Any help is appreciated.
> TIA
>
> Example: /static/01babc68/scripts/yui/yahoo/yahoo-min.js
>
> Affected versions of the package are vulnerable to Cross-site
> Scripting (XSS) via .swf files, allowing arbitrary code injection into
> hosting server CVE-2012-5881 CVE-2012-5883
>
> *Jenkins version - 2.250, Windows 2012 server.*
