CVE-2024-28157

Name of the Vulnerable Software and Affected Versions Jenkins GitBucket Plugin versions 0.8 and earlier

Description The issue is related to a stored cross-site scripting (XSS) vulnerability. This occurs because Gitbucket URLs on build views are not properly sanitized, allowing attackers who can configure jobs to exploit this weakness.

Recommendations For Jenkins GitBucket Plugin versions 0.8 and earlier, consider disabling the build view feature until a patch is available to prevent exploitation of the stored XSS vulnerability. Restrict access to job configuration to minimize the risk of attackers exploiting this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.