Jenkins Dependency-Check Plugin vulnerable to Stored XSS

CVE-2024-28153

Currently unrated 🤨

Key Information

Vendor: Jenkins
Status: Jenkins Owasp Dependency-check Plugin
Vendor: CVE Published:; 6 March 2024

Summary

Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escape vulnerability metadata from Dependency-Check reports, resulting in a stored cross-site scripting (XSS) vulnerability.

Affected Version(s)

Jenkins OWASP Dependency-Check Plugin <= 5.4.5

Timeline

Vulnerability published.
Mar 6, 2024
Vulnerability Reserved.
Mar 5, 2024

Collectors

NVD DatabaseMitre Database