Jenkins Authorize Project Plugin 1.7.2 and earlier evaluates a string containing the job name with JavaScript on the Authorization view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Jenkins Project |
|
No data.
No data.
References
History
Thu, 14 Nov 2024 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Jenkins Project
Jenkins Project jenkins Authorize Project Plugin |
|
| Weaknesses | CWE-79 | |
| CPEs | cpe:2.3:a:jenkins_project:jenkins_authorize_project_plugin:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Jenkins Project
Jenkins Project jenkins Authorize Project Plugin |
|
| Metrics |
cvssV3_1
|
Wed, 13 Nov 2024 21:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Jenkins Authorize Project Plugin 1.7.2 and earlier evaluates a string containing the job name with JavaScript on the Authorization view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: jenkins
Published: 2024-11-13T20:53:02.325Z
Updated: 2024-11-14T15:00:22.308Z
Reserved: 2024-11-12T15:28:28.980Z
Link: CVE-2024-52552
Vulnrichment
Updated: 2024-11-14T15:00:13.220Z
NVD
Status : Awaiting Analysis
Published: 2024-11-13T21:15:29.410
Modified: 2024-11-15T14:00:09.720
Link: CVE-2024-52552
Redhat
No data.