> On 25. Sep 2020, at 23:49, Mohtashim S wrote:
>
> How do we address this vulnerability of Jenkins?
https://www.jenkins.io/security/#reporting-vulnerabilities explains how to
report security issues.
Please make sure in your report to explain why it is a problem for Jenkins
beyond linking

We have noticed that if we change the Host header in an HTTP request for Jenkins
and fire the request, then Jenkins is vulnerable through HTTP Host header
injection.
Change the Jenkins request Host header to say xyz.com, then it successfully
redirects to xyz.com.
How do we address this vulnerability?