-
Improvement
-
Resolution: Not A Defect
-
Major
-
None
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Affected JQuery Versions: 1.8.0 to 2.2.4
The latest version of Jenkins is using 1.12.4.
Based on
[#CVE-2015-9251
It is a bad practice to use outdated libraries with known security vulnerabilities. The solution to this is to update Jquery to 3+ version.