Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b_3f and earlier does not escape Build Monitor View names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure Build Monitor Views.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Jenkins |
|
No data.
No data.
Advisories
| Source | ID | Title |
|---|---|---|
 Github GHSA |
GHSA-5j5r-6mv9-m255 | Jenkins Build Monitor View Plugin vulnerable to stored Cross-site Scripting |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Thu, 27 Mar 2025 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Sun, 19 Jan 2025 02:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Jenkins
Jenkins build Monitor View |
|
| Weaknesses | CWE-79 | |
| CPEs | cpe:2.3:a:jenkins:build_monitor_view:*:*:*:*:*:jenkins:*:* | |
| Vendors & Products |
Jenkins
Jenkins build Monitor View |
|
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: jenkins
Published:
Updated: 2025-03-27T21:10:39.461Z
Reserved: 2024-03-05T19:29:05.205Z
Link: CVE-2024-28156
Vulnrichment
Updated: 2024-08-02T00:48:49.459Z
NVD
Status : Modified
Published: 2024-03-06T17:15:10.837
Modified: 2025-03-27T21:15:47.350
Link: CVE-2024-28156
Redhat
No data.
OpenCVE Enrichment
No data.