CVE-2022-29038
published 2022-04-12CVE-2022-29038: Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the name and description of Extended Choice parameters on views…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | build_step_plugin | — | — |
| jenkins | coordinator_plugin | — | — |
| jenkins | credentials_plugin | — | — |
| jenkins | cvs_plugin | — | — |
| jenkins | deprecated_groovy_libraries_plugin | — | — |
| jenkins | extended_choice_parameter | <= 346.vd87693c5a_86c | — |
| jenkins | extended_choice_parameter_plugin | — | — |
| jenkins | gerrit_trigger_plugin | — | — |
| jenkins | git_parameter_plugin | — | — |
| jenkins | google_compute_engine_plugin | — | — |
| jenkins | input_step_plugin | — | — |
| jenkins | jira_plugin | — | — |
| jenkins | job_dsl_plugin | — | — |
| jenkins | job_generator_plugin | — | — |
| jenkins | mask_passwords_plugin | — | — |
| jenkins | maven_release_plugin | — | — |
| jenkins | node_and_label_parameter_plugin | — | — |
| jenkins | promotion_names_in_promoted_builds_plugin | — | — |
| jenkins | publish_over_ftp_plugin | — | — |
| jenkins | rebuilder_plugin | — | — |
| jenkins | release_plugin | — | — |
| jenkins | show_build_parameters_plugin | — | — |
| jenkins | subversion_plugin | — | — |
| jenkins | unleash_maven_plugin | — | — |
| jenkins_project | jenkins_extended_choice_parameter_plugin | unspecified – 346.vd87693c5a_86c | — |