VYPR

Jenkins Simple Queue Plugin

by Jenkins Project

CVEs (4)

  • CVE-2020-2169MedMar 25, 2020
    risk 0.33cvss 6.1epss 0.01

    A form validation endpoint in Jenkins Queue cleanup Plugin 1.3 and earlier does not properly escape a query parameter displayed in an error message, resulting in a reflected XSS vulnerability.

  • CVE-2020-2259MedSep 16, 2020
    risk 0.28cvss 5.4epss 0.01

    Jenkins computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.

  • CVE-2024-54003Nov 27, 2024
    risk 0.03cvss epss 0.77

    Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission.

  • CVE-2025-31723Apr 2, 2025
    risk 0.00cvss epss 0.00

    A cross-site request forgery (CSRF) vulnerability in Jenkins Simple Queue Plugin 1.4.6 and earlier allows attackers to change and reset the build queue order.