Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum project URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.
Metrics
Affected Vendors & Products
References
History
Thu, 07 Nov 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Jenkins
Jenkins icescrum |
|
Weaknesses | CWE-79 | |
CPEs | cpe:2.3:a:jenkins:icescrum:-:*:*:*:*:jenkins:*:* | |
Vendors & Products |
Jenkins
Jenkins icescrum |
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: jenkins
Published: 2024-03-06T17:02:01.368Z
Updated: 2024-11-07T16:58:55.917Z
Reserved: 2024-03-05T19:29:05.205Z
Link: CVE-2024-28160
Vulnrichment
Updated: 2024-08-02T00:48:49.535Z
NVD
Status : Awaiting Analysis
Published: 2024-03-06T17:15:11.040
Modified: 2024-11-07T17:35:16.407
Link: CVE-2024-28160
Redhat
No data.