← volver
CVE-2024-28150

CVE-2024-28150

CVSS 4.7 MEDIUMEPSS 0.7%CWE-79
Jenkins HTML Publisher Plugin 1.32 and earlier does not escape job names, report names, and index page titles shown as part of the report frame, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Productos afectados
Jenkins Project · Jenkins HTML Publisher Plugin

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3302http://www.openwall.com/lists/oss-security/2024/03/06/3