Stored Cross-Site Scripting Vulnerability in Jenkins Simple Queue Plugin
CVE-2024-54003

Currently unrated

Key Information:

Vendor: Jenkins
CVE Published: 27 November 2024

Summary

The Simple Queue Plugin for Jenkins, in versions up to and including 1.4.4, does not escape the view name, which results in a stored cross-site scripting (XSS) vulnerability. Attackers who hold View/Create permissions can exploit this to inject malicious scripts into views, and those scripts may then execute in the context of other users' sessions. The vulnerability exposes Jenkins installations to potential data breaches and unauthorized access, so administrators should ensure that updates and mitigations are applied promptly.

Timeline

  • Vulnerability published

Collectors

NVD Database