Jenkins iceScrum Plugin vulnerable to XSS exploitation

CVE-2024-28160

Currently unrated 🤨

Key Information

Vendor: Jenkins
Status: Jenkins Icescrum Plugin
Vendor: CVE Published:; 6 March 2024

Summary

Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum project URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.

Affected Version(s)

Jenkins iceScrum Plugin <= 1.1.6

Timeline

Vulnerability published.
Mar 6, 2024
Vulnerability Reserved.
Mar 5, 2024

Collectors

NVD DatabaseMitre Database