CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-28157

Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.025

EPSS Ranking 84.9%

CVSS Severity

CVSS v3 Score 8.0

References

http://www.openwall.com/lists/oss-security/2024/03/06/3
https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3249
http://www.openwall.com/lists/oss-security/2024/03/06/3
https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3249

Products affected by CVE-2024-28157

Jenkins » Gitbucket » Version: 0.1

cpe:2.3:a:jenkins:gitbucket:0.1
Jenkins » Gitbucket » Version: 0.2

cpe:2.3:a:jenkins:gitbucket:0.2
Jenkins » Gitbucket » Version: 0.3

cpe:2.3:a:jenkins:gitbucket:0.3
Jenkins » Gitbucket » Version: 0.4

cpe:2.3:a:jenkins:gitbucket:0.4
Jenkins » Gitbucket » Version: 0.5.1

cpe:2.3:a:jenkins:gitbucket:0.5.1
Jenkins » Gitbucket » Version: 0.6

cpe:2.3:a:jenkins:gitbucket:0.6
Jenkins » Gitbucket » Version: 0.7

cpe:2.3:a:jenkins:gitbucket:0.7
Jenkins » Gitbucket » Version: 0.8

cpe:2.3:a:jenkins:gitbucket:0.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-28157

Products

Pricing

Contact Us