Jenkins Simple Queue Plugin Security Update Advisory (CVE-2024-54003)
Overview
An update has been released to address vulnerabilities in Jenkins Simple Queue Plugin. Users of the affected versions are advised to update to the latest version.
Affected Products
CVE-2024-54003
- Jenkins Simple Queue plugin versions: ~ 1.4.4 (inclusive)
Resolved Vulnerabilities
Saved cross-site scripting (XSS) vulnerability due to failure to escape view names, which can be exploited by attackers with View/Create privileges (CVE-2024-54003)
Vulnerability Patches
Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.
CVE-2024-54003
- Jenkins Simple Queue plugin version: 1.4.5
Referenced Sites
[1] CVE-2024-54003 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-54003
[2] Jenkins Security Advisory 2024-11-27
https://www.jenkins.io/security/advisory/2024-11-27/#SECURITY-3467