We have noticed if we change the host header in HTTP request for Jenkins and fire the request then Jenkins is vulnerable through http host header injection.
Change the Jenkins request host header to say xyz.com, then it successfully redirects to xyz.com.
How do we address this vulnerability of Jenkins?