Jenkins Dynamic Extended Choice Parameter vulnerabilities
3 known vulnerabilities affecting jenkins/dynamic_extended_choice_parameter.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2022-36902MEDIUMCVSS 5.4≤ 1.0.12022-07-27
CVE-2022-36902 [MEDIUM] CWE-79 CVE-2022-36902: Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
nvd
CVE-2022-34186MEDIUMCVSS 5.4≤ 1.0.12022-06-23
CVE-2022-34186 [MEDIUM] CWE-79 CVE-2022-34186: Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and desc
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
nvd
CVE-2020-2124MEDIUMCVSS 4.3≤ 1.0.12020-02-12
CVE-2020-2124 [MEDIUM] CWE-522 CVE-2020-2124: Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.
nvd