cbcvebase.
CVE-2024-28156
published 2024-03-06

CVE-2024-28156: Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b_3f and earlier does not escape Build Monitor View names, resulting in a stored cross-site scripting…

PriorityP342medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EPSS
80.17%
99.6th percentile
Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b_3f and earlier does not escape Build Monitor View names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure Build Monitor Views.

Affected

13 ranges
VendorProductVersion rangeFixed in
jenkinsappspider_plugin
jenkinsbitbucket_branch_source_plugin
jenkinsbuild_monitor_view<= 1.14-860.vd06ef2568b_3f
jenkinsbuild_monitor_view_plugin
jenkinsdelphix_plugin
jenkinsgitbucket_plugin
jenkinshtml_publisher_plugin
jenkinsimproper_input_sanitization_in_html_publisher_plugin
jenkinsmq_notifier_plugin
jenkinsowasp_dependency-check_plugin
jenkinssubversion_partial_release_manager_plugin
jenkinstls_certificate_validation_in_delphix_plugin
jenkins_projectjenkins_build_monitor_view_plugin<= 1.14-860.vd06ef2568b_3f
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.