VDB
CISA-2024-54003
CISA-2024-54003
PUBLISHED
CVSS 8 HIGH
Reported by jenkins · Published November 27, 2024
Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission.
Risk Scores
CVSS 3.1
8
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins Project | Jenkins Simple Queue Plugin | 0 |
| jenkins_project | jenkins_simple_queue_plugin | 0, 0 |
| Jenkins Project | Jenkins Simple Queue Plugin | 0, 0 |
Timeline
- Nov 27, 2024 CVE Published
- Nov 27, 2024 CVE Updated
References
- Jenkins Security Advisory 2024-11-27 vendor-advisory