Jenkins iceScrum Plugin vulnerable to XSS exploitation
CVE-2024-28160

Currently unrated

Key Information:

Vendor
Jenkins
Status
Jenkins Icescrum Plugin
Vendor
CVE Published:
6 March 2024

Summary

Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum project URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.

Affected Version(s)

Jenkins iceScrum Plugin 0 <= 1.1.6

References

https://www.jenkins.io/security/advisory/2024-03-06/#SECU...
vendor-advisory
http://www.openwall.com/lists/oss-security/2024/03/06/3

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.