CVE-2022-27202
published 2022-03-15CVE-2022-27202: Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the value and description of extended choice parameters of radio…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the value and description of extended choice parameters of radio buttons or check boxes type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | aws_credentials_plugin | — | — |
| jenkins | dashboard_view_plugin | — | — |
| jenkins | environment_dashboard_plugin | — | — |
| jenkins | extended_choice_parameter | <= 346.vd87693c5a_86c | — |
| jenkins | extended_choice_parameter_plugin | — | — |
| jenkins | favorite_plugin | — | — |
| jenkins | folder-based_authorization_strategy_plugin | — | — |
| jenkins | gitlab_authentication_plugin | — | — |
| jenkins | list_git_branches_parameter_plugin | — | — |
| jenkins | parameterized_trigger_plugin | — | — |
| jenkins | release_helper_plugin | — | — |
| jenkins | semantic_versioning_plugin | — | — |
| jenkins | vmware_vrealize_codestream_plugin | — | — |
| jenkins_project | jenkins_extended_choice_parameter_plugin | unspecified – 346.vd87693c5a_86c | — |