Thank you, Oleg. Thank you for sharing the link to report the vulnerabilities. Appreciate your help!
On Sunday, May 30, 2021 at 2:46:39 PM UTC-4 [email protected] wrote:
> Hello,
>
> Thanks for your report. I will let the Jenkins security team members
> comment on that. Just for your information, we have an official process for
> reporting security vulnerabilities. I highly recommend following this
> process. Please see
> https://www.jenkins.io/security/#reporting-vulnerabilities
>
> Best regards,
> Oleg Nenashev
>
> On Sunday, May 30, 2021 at 3:05:00 AM UTC+2 [email protected] wrote:
>
>> Our web scans show an out-of-date version (YUI) vulnerability. I'm not able
>> to find anything on how to remediate this finding. Any help is appreciated.
>> TIA
>> Example: /static/01babc68/scripts/yui/yahoo/yahoo-min.js
>> Affected versions of the package are vulnerable to Cross-site
>> Scripting (XSS) via .swf files, allowing arbitrary code injection into
>> hosting server CVE-2012-5881 CVE-2012-5883
>>
>> *Jenkins version - 2.250, Windows 2012 server.*
