CVE-2024-28153: Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escape vulnerability metadata from Dependency-Check reports, resulting in a stored cross-site…

medium5.4CVSS 3.1

AVNACLPRLUIRSCCLILAN

Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escape vulnerability metadata from Dependency-Check reports, resulting in a stored cross-site scripting (XSS) vulnerability.

Affected

13 ranges

Vendor	Product	Version range	Fixed in
jenkins	appspider_plugin	—	—
jenkins	bitbucket_branch_source_plugin	—	—
jenkins	build_monitor_view_plugin	—	—
jenkins	delphix_plugin	—	—
jenkins	gitbucket_plugin	—	—
jenkins	html_publisher_plugin	—	—
jenkins	improper_input_sanitization_in_html_publisher_plugin	—	—
jenkins	mq_notifier_plugin	—	—
jenkins	owasp_dependency-check	< 5.4.6	5.4.6
jenkins	owasp_dependency-check_plugin	—	—
jenkins	subversion_partial_release_manager_plugin	—	—
jenkins	tls_certificate_validation_in_delphix_plugin	—	—
jenkins_project	jenkins_owasp_dependency-check_plugin	<= 5.4.5	—