CVE-2024-28156
Published 2024-03-06
CVE-2024-28156: Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b_3f and earlier does not escape Build Monitor View names, resulting in a stored cross-site scripting…
Priority: P342 · medium · 5.4 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 80.17% (99.6th percentile)
Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b_3f and earlier does not escape Build Monitor View names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure Build Monitor Views.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | appspider_plugin | — | — |
| jenkins | bitbucket_branch_source_plugin | — | — |
| jenkins | build_monitor_view | <= 1.14-860.vd06ef2568b_3f | — |
| jenkins | build_monitor_view_plugin | — | — |
| jenkins | delphix_plugin | — | — |
| jenkins | gitbucket_plugin | — | — |
| jenkins | html_publisher_plugin | — | — |
| jenkins | improper_input_sanitization_in_html_publisher_plugin | — | — |
| jenkins | mq_notifier_plugin | — | — |
| jenkins | owasp_dependency-check_plugin | — | — |
| jenkins | subversion_partial_release_manager_plugin | — | — |
| jenkins | tls_certificate_validation_in_delphix_plugin | — | — |
| jenkins_project | jenkins_build_monitor_view_plugin | <= 1.14-860.vd06ef2568b_3f | — |
OSV
Jenkins Build Monitor View Plugin vulnerable to stored Cross-site Scripting
osv·2024-03-06
CVE-2024-28156 [MEDIUM] Jenkins Build Monitor View Plugin vulnerable to stored Cross-site Scripting
GHSA
Jenkins Build Monitor View Plugin vulnerable to stored Cross-site Scripting
ghsa·2024-03-06
CVE-2024-28156 [MEDIUM] CWE-79 Jenkins Build Monitor View Plugin vulnerable to stored Cross-site Scripting
Jenkins
Jenkins Security Advisory 2024-03-06
vendor_jenkins·2024-03-06·CVSS 5.9
CVE-2023-48795 [MEDIUM] Jenkins Security Advisory 2024-03-06
This advisory announces vulnerabilities in the following Jenkins deliverables:
AppSpider Plugin
Bitbucket Branch Source Plugin
Build Monitor View Plugin
Delphix Plugin
Delphix Plugin
docker-build-step Plugin
GitBucket Plugin
HTML Publisher
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.