Vulnerability Details CVE-2024-28156
Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b_3f and earlier does not escape Build Monitor View names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure Build Monitor Views.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.357
EPSS Ranking 96.9%
CVSS Severity
CVSS v3 Score 5.4
References
Products affected by CVE-2024-28156
-
cpe:2.3:a:jenkins:build_monitor_view:-
-
cpe:2.3:a:jenkins:build_monitor_view:1.0
-
cpe:2.3:a:jenkins:build_monitor_view:1.1
-
cpe:2.3:a:jenkins:build_monitor_view:1.10
-
cpe:2.3:a:jenkins:build_monitor_view:1.11
-
cpe:2.3:a:jenkins:build_monitor_view:1.12
-
cpe:2.3:a:jenkins:build_monitor_view:1.14-650.vb_43f505305f6
-
cpe:2.3:a:jenkins:build_monitor_view:1.14-651.v429b_16b_db_60e
-
cpe:2.3:a:jenkins:build_monitor_view:1.14-653.va_1c684a_30b_ff
-
cpe:2.3:a:jenkins:build_monitor_view:1.14-667.vfb_ef30539e07
-
cpe:2.3:a:jenkins:build_monitor_view:1.14-681.vd6817317a_2b_7
-
cpe:2.3:a:jenkins:build_monitor_view:1.14-702.vf34cc4398955
-
cpe:2.3:a:jenkins:build_monitor_view:1.14-717.v3efcdffe8d58
-
cpe:2.3:a:jenkins:build_monitor_view:1.14-740.v1df20e5c64b_b
-
cpe:2.3:a:jenkins:build_monitor_view:1.14-744.v35fd6fa_a_26b_2
-
cpe:2.3:a:jenkins:build_monitor_view:1.14-745.ve2023a_305f40
-
cpe:2.3:a:jenkins:build_monitor_view:1.14-826.vb_a_c11536174d
-
cpe:2.3:a:jenkins:build_monitor_view:1.14-860.vd06ef2568b_3f
-
cpe:2.3:a:jenkins:build_monitor_view:1.2
-
cpe:2.3:a:jenkins:build_monitor_view:1.3
-
cpe:2.3:a:jenkins:build_monitor_view:1.4
-
cpe:2.3:a:jenkins:build_monitor_view:1.5
-
cpe:2.3:a:jenkins:build_monitor_view:1.6
-
cpe:2.3:a:jenkins:build_monitor_view:1.7
-
cpe:2.3:a:jenkins:build_monitor_view:1.8
-
cpe:2.3:a:jenkins:build_monitor_view:1.9