GHSA-qg66-xv7v-m834

GitHub Security Advisory

Stored XSS vulnerability in computer-queue-plugin Plugin

✓ GitHub Reviewed HIGH Has CVE

computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.

computer-queue-plugin Plugin 1.6 escapes the agent name in tooltips.

Maven jenkins.ci.plugins.computerqueue:computer-queue-plugin

Affected versions: 0 (fixed in 1.6)

CVE-2020-2259

GHSA ID

GHSA-qg66-xv7v-m834

Published

May 24, 2022 5:28 PM

Last Modified

December 29, 2022 1:42 AM

CVSS Score

7.5 /10

Primary Ecosystem

Maven

Primary Package

jenkins.ci.plugins.computerqueue:computer-queue-plugin

GitHub Reviewed

✓ Yes

Last updated: August 25, 2025 6:33 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.