Jenkins GitBucket Plugin vulnerable to XSS exploitation

CVE-2024-28157

Currently unrated 🤨

Key Information

Vendor: Jenkins
Status: Jenkins Gitbucket Plugin
Vendor: CVE Published:; 6 March 2024

Summary

Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.

Affected Version(s)

Jenkins GitBucket Plugin <= 0.8

Timeline

Vulnerability published.
Mar 6, 2024
Vulnerability Reserved.
Mar 5, 2024

Collectors

NVD DatabaseMitre Database