
Swapna Nanda

Researcher from CloudBees, Inc.
#20064 of 53,633
12.9 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2025-14513
4.3
2025-04-02
Jenkins · Jenkins Simple Queue Plugin · CVE-2025-31723
**Name of the Vulnerable Software and Affected Versions**
Jenkins Simple Queue Plugin versions 1.4.6 and earlier

**Description**
A cross-site request forgery (CSRF) issue allows attackers to change and reset the build queue order.

**Recommendations**
For Jenkins Simple Queue Plugin versions 1.4.6 and earlier, update to a version later than 1.4.6 to resolve the issue.

PT-2024-36010
8.6
2024-11-27
Jenkins · Jenkins Simple Queue Plugin · CVE-2024-54003
**Name of the Vulnerable Software and Affected Versions**
Jenkins Simple Queue Plugin versions 1.4.4 and earlier

**Description**
The issue results in a stored cross-site scripting (XSS) vulnerability because the view name is not escaped. This vulnerability is exploitable by attackers with View/Create permission.

**Recommendations**
For Jenkins Simple Queue Plugin versions 1.4.4 and earlier, update to version 1.4.5 to prevent exploitation. As a temporary workaround, consider restricting the View/Create permission to minimize the risk of exploitation.