Jenkins Build Monitor View Plugin vulnerable to stored Cross-site Scripting

2024-03-0618:30:38

Google

osv.dev

jenkins

build monitor view

cross-site scripting

xss

vulnerability

configuration

exploitable

attackers

software

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b_3f and earlier does not escape Build Monitor View names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure Build Monitor Views.

CPENameOperatorVersion
org.jenkins-ci.plugins:build-monitor-plugineq1.13+build.202201201754
org.jenkins-ci.plugins:build-monitor-plugineq1.0+build.33
org.jenkins-ci.plugins:build-monitor-plugineq1.9+build.201606131328
org.jenkins-ci.plugins:build-monitor-plugineq1.6+build.138
org.jenkins-ci.plugins:build-monitor-plugineq1.12+build.201704111018
org.jenkins-ci.plugins:build-monitor-plugineq1.12+build.201708172343
org.jenkins-ci.plugins:build-monitor-plugineq1.0+build.30
org.jenkins-ci.plugins:build-monitor-plugineq1.0+build.5
org.jenkins-ci.plugins:build-monitor-plugineq1.6+build.163
org.jenkins-ci.plugins:build-monitor-plugineq1.4+build.102

Name	Operator	Version
org.jenkins-ci.plugins:build-monitor-plugin	eq	1.13+build.202201201754
org.jenkins-ci.plugins:build-monitor-plugin	eq	1.0+build.33
org.jenkins-ci.plugins:build-monitor-plugin	eq	1.9+build.201606131328
org.jenkins-ci.plugins:build-monitor-plugin	eq	1.6+build.138
org.jenkins-ci.plugins:build-monitor-plugin	eq	1.12+build.201704111018
org.jenkins-ci.plugins:build-monitor-plugin	eq	1.12+build.201708172343
org.jenkins-ci.plugins:build-monitor-plugin	eq	1.0+build.30
org.jenkins-ci.plugins:build-monitor-plugin	eq	1.0+build.5
org.jenkins-ci.plugins:build-monitor-plugin	eq	1.6+build.163
org.jenkins-ci.plugins:build-monitor-plugin	eq	1.4+build.102