Vulnerabilities > Jenkins > Cucumber Living Documentation > 1.0.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-05 | CVE-2018-1000144 | Cross-site Scripting vulnerability in Jenkins Cucumber Living Documentation A cross site scripting vulnerability exists in Jenkins Cucumber Living Documentation Plugin 1.0.12 and older in CukedoctorBaseAction#doDynamic that disables the Content-Security-Policy protection for archived artifacts and workspace files, allowing attackers able to control the content of these files to attack Jenkins users. | 4.3 |