Jenkins Authorize Project Plugin Vulnerable to Stored XSS Attacks

CVE-2024-52552
Currently unrated

Key Information

Vendor: Jenkins
CVE Published: 13 November 2024

Summary

Jenkins Authorize Project Plugin 1.7.2 and earlier evaluates a string containing the job name with JavaScript on the Authorization view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Timeline

  • Vulnerability published.

Collectors

NVD Database