Jenkins Authorize Plugin Vulnerable to XSS Attacks
CVE-2024-52552
Currently unrated
What is CVE-2024-52552?
The Jenkins Authorize Project Plugin versions prior to 1.7.3 contain a stored cross-site scripting (XSS) vulnerability. This issue arises when the plugin evaluates a potentially malicious string that contains the job name using JavaScript on the Authorization view. Attackers with Item/Configure permissions could exploit this weakness to inject arbitrary JavaScript code into affected Jenkins installations, potentially jeopardizing sensitive data and user sessions.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.