Jenkins Gatling Plugin Vulnerability Let Attackers Bypass Content-Security-Policy Protection

A critical cross-site scripting (XSS) vulnerability in the popular Jenkins Gatling Plugin allows attackers to bypass Content-Security-Policy (CSP) protections. The vulnerability, tracked as CVE-2025-5806, affects Gatling Plugin version 136.vb_9009b_3d33a_e and poses significant risks to Jenkins environments utilizing this performance testing integration tool. The vulnerability stems from how Gatling Plugin 136.vb_9009b_3d33a_e serves Gatling performance testing reports […]

The post Jenkins Gatling Plugin Vulnerability Let Attackers Bypass Content-Security-Policy Protection appeared first on Cyber Security News.

This article has been indexed from Cyber Security News
