3 matches found
CVE-2022-27204
A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier allows attackers to connect to an attacker-specified URL...
com.cloudbees.jenkins.plugins:custom-tools-plugin (>=0.4 <=0.6) potentially affected by CVE-2022-27204 via org.jenkins-ci.plugins:extended-choice-parameter (=0.28)
org.jenkins-ci.plugins:extended-choice-parameter MAVEN version =0.28 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:extended-choice-parameter and may be impacted: - com.cloudbees.jenkins.plugins:custom-tools-plugin =0.4, =0.6...
CVE-2022-27204
CVE-2022-27204 affects the Jenkins Extended Choice Parameter Plugin (346.vd87693c5a_86c and earlier). The vulnerability is a cross-site request forgery (CSRF) flaw caused by missing permission checks on form validation methods, allowing attackers with Overall/Read permission to connect to an atta...