CVE-2022-27202

CWE-79 — Cross-site Scripting (XSS)5 documents5 sources

Severity

5.4MEDIUM

EPSS

0.2%

top 53.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Extended Choice Parameter Plugin Jenkins Extended Choice Parameter

Timeline

PublishedMar 15

Latest updateMar 16

Description

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the value and description of extended choice parameters of radio buttons or check boxes type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶Mavenorg.jenkins-ci.plugins:extended-choice-parameter346.vd87693c5a

▶CVEListV5jenkins_project/jenkins_extended_choice_parameter_pluginunspecified — 346.vd87693c5a_86c

▶NVDjenkins/extended_choice_parameter346.vd87693c5a_86c

🔴Vulnerability Details

OSV

Stored Cross-site Scripting vulnerability in Jenkins Extended Choice Parameter Plugin↗2022-03-16

▶

GHSA

Stored Cross-site Scripting vulnerability in Jenkins Extended Choice Parameter Plugin↗2022-03-16

▶

CVEList

CVE-2022-27202: Jenkins Extended Choice Parameter Plugin 346↗2022-03-15

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2022-03-15↗2022-03-15

▶