Jenkins Build Monitor View Plugin vulnerable to stored Cross-site Scripting

Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b_3f and earlier does not escape Build Monitor View names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure Build Monitor Views.

References

Published by the National Vulnerability Database Mar 6, 2024

Published to the GitHub Advisory Database Mar 6, 2024

Reviewed Mar 6, 2024

Last updated May 2, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Package

Affected versions

Patched versions

Description

References

Severity

CVSS overall score

CVSS v3 base metrics

CVSS v3 base metrics

EPSS score

Weaknesses

CVE ID

GHSA ID

Source code