High severity · NVD Advisory · Published Nov 27, 2024 · Updated Nov 27, 2024
CVE-2024-54003
Description
Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| io.jenkins.plugins:simple-queue (Maven) | < 1.4.5 | 1.4.5 |
Affected products
- Range: 0
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-4gwv-fpmg-cmv2 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-54003 (ghsa, ADVISORY)
- www.jenkins.io/security/advisory/2024-11-27/ (ghsa, vendor-advisory, WEB)