CVE-2024-54003

High

Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability…

jenkins·CWE-79·Published 2024-11-27

CVSS

8.0

EPSS

0.77

KEV

Exploits

cve.orgen

193 chars

Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission.

NVDen

193 chars

Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission.

OSV.deven

247 chars

Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission. Simple Queue Plugin 1.4.5 escapes the view name.

GHSAen

247 chars

NVDes

224 chars

El complemento Jenkins Simple Queue 1.4.4 y versiones anteriores no escapan al nombre de la vista, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) Almacenadoque pueden explotar atacantes con permiso Ver/Crear.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	8.0	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	8.0	2.1	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H