GHSA-5j5r-6mv9-m255

Source

https://github.com/advisories/GHSA-5j5r-6mv9-m255

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-5j5r-6mv9-m255/GHSA-5j5r-6mv9-m255.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-5j5r-6mv9-m255

Aliases

CVE-2024-28156

Published

2024-03-06T18:30:38Z

Modified

2025-03-28T00:10:01.191939Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Jenkins Build Monitor View Plugin vulnerable to stored Cross-site Scripting

Details

Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b_3f and earlier does not escape Build Monitor View names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure Build Monitor Views.

Database specific

{
    "nvd_published_at": "2024-03-06T17:15:10Z",
    "severity": "MODERATE",
    "github_reviewed_at": "2024-03-06T19:27:59Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "github_reviewed": true
}

References

Affected packages

Maven / org.jenkins-ci.plugins:build-monitor-plugin

Package

Name: org.jenkins-ci.plugins:build-monitor-plugin; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/build-monitor-plugin

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

1.14-860.vd06ef2568b

Affected versions

1.*

1.0+build.5

1.0+build.7

1.0+build.8

1.0+build.9

1.0+build.10

1.0+build.14

1.0+build.20

1.0+build.30

1.0+build.33

1.0+build.50

1.0+build.51

1.0+build.53

1.1+build.59

1.2+build.64

1.3+build.68

1.3+build.70

1.3+build.71

1.3+build.72

1.4+build.102

1.5+build.117

1.5+build.118

1.5+build.119

1.5+build.120

1.5+build.123

1.6+build.130

1.6+build.132

1.6+build.135

1.6+build.138

1.6+build.140

1.6+build.142

1.6+build.149

1.6+build.150

1.6+build.156

1.6+build.159

1.6+build.162

1.6+build.163

1.6+build.164

1.7+build.172

1.8+build.201601050116

1.8+build.201601052013

1.8+build.201601112328

1.9+build.201605021413

1.9+build.201606052339

1.9+build.201606131328

1.10+build.201608030223

1.10+build.201610041454

1.10+build.201611041949

1.11+build.201701152243

1.12+build.201704111018

1.12+build.201708172343

1.12+build.201805070054

1.12+build.201809041621

1.12+build.201809061734

1.13+build.202109302210

1.13+build.202110011108

1.13+build.202110011223

1.13+build.202111180915

1.13+build.202111181729

1.13+build.202111192133

1.13+build.202111200136

1.13+build.202111200525

1.13+build.202111200811

1.13+build.202111200854

1.13+build.202111201725

1.13+build.202111220004

1.13+build.202111221941

1.13+build.202111240043

1.13+build.202111250336

1.13+build.202111291630

1.13+build.202112011911

1.13+build.202112012056

1.13+build.202112022140

1.13+build.202112032101

1.13+build.202112032236

1.13+build.202112061615

1.13+build.202112201543

1.13+build.202112201608

1.13+build.202112271657

1.13+build.202112271752

1.13+build.202201031340

1.13+build.202201031417

1.13+build.202201031653

1.13+build.202201101545

1.13+build.202201101632

1.13+build.202201171452

1.13+build.202201171523

1.13+build.202201171559

1.13+build.202201171633

1.13+build.202201201754

1.13+build.202201201829

1.13+build.202201201901

1.13+build.202201221819

1.13+build.202201311606

1.13+build.202201311641

1.13+build.202201311744

1.13+build.202201311821

1.13+build.202202100032

1.13+build.202202112257

1.13+build.202202112334

1.13+build.202202120059

1.13+build.202202120254

1.13+build.202202141528

1.13+build.202202141611

1.13+build.202202151850

1.13+build.202202212113

1.13+build.202202281553

1.13+build.202203012346

1.13+build.202203020040

1.13+build.202203071536

1.13+build.202203141426

1.13+build.202203211645

1.13+build.202203211713

1.13+build.202203212026

1.13+build.202203221632

1.13+build.202204041554

1.13+build.202204041616

1.13+build.202204041635

1.13+build.202204111503

1.13+build.202204181545

1.13+build.202204241251

1.13+build.202205071934

1.13+build.202205140447

1.14-650.vb_43f505305f6

1.14-651.v429b_16b_db_60e

1.14-653.va_1c684a_30b_ff

1.14-667.vfb_ef30539e07

1.14-681.vd6817317a_2b_7

1.14-702.vf34cc4398955

1.14-717.v3efcdffe8d58

1.14-740.v1df20e5c64b_b_

1.14-744.v35fd6fa_a_26b_2

1.14-745.ve2023a_305f40

1.14-826.vb_a_c11536174d

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-5j5r-6mv9-m255/GHSA-5j5r-6mv9-m255.json"