Jenkins GitBucket Plugin vulnerable to XSS exploitation
CVE-2024-28157

Currently unrated

Key Information:

Vendor: Jenkins
Status: Jenkins Gitbucket Plugin
Vendor: CVE Published:; 6 March 2024

Summary

Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.

Affected Version(s)

Jenkins GitBucket Plugin 0 <= 0.8

References

https://www.jenkins.io/security/advisory/2024-03-06/#SECU...

vendor-advisory

Timeline

Vulnerability published
Mar 6, 2024
Vulnerability Reserved
Mar 5, 2024