PT-2024-36010 · Jenkins · Jenkins Simple Queue Plugin
Swapna Nanda · Published 2024-11-27 · Updated 2025-10-03
CVE-2024-54003
CVSS v4.0: 8.6 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions:
Jenkins Simple Queue Plugin versions 1.4.4 and earlier
Description:
The plugin does not escape the view name, which results in a stored cross-site scripting (XSS) vulnerability. This vulnerability is exploitable by attackers with View/Create permission.
Recommendations:
For Jenkins Simple Queue Plugin versions 1.4.4 and earlier, update to version 1.4.5 to prevent exploitation.
As a temporary workaround, consider restricting the View/Create permission to minimize the risk of exploitation.
Fix
XSS
Affected Products:
Jenkins
Jenkins Simple Queue Plugin