Vulnerability in Jenkins Project Simple Queue Plugin
CVE-2024-54003
Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission.
EPSS: 0.775 (99.5th percentile) — read the EPSS interpretation.
Affected products
- Jenkins Project Simple Queue Plugin — versions 0
References
- Jenkins Security Advisory 2024-11-27 (vendor-advisory)