Jenkins Authorize Plugin Vulnerable to XSS Attacks
CVE-2024-52552
Currently unrated
Summary
The Jenkins Authorize Project Plugin versions prior to 1.7.3 contain a stored cross-site scripting (XSS) vulnerability. This issue arises when the plugin evaluates a potentially malicious string that contains the job name using JavaScript on the Authorization view. Attackers with Item/Configure permissions could exploit this weakness to inject arbitrary JavaScript code into affected Jenkins installations, potentially jeopardizing sensitive data and user sessions.
References
Timeline
Vulnerability published
Collectors
NVD Database