3 matches found
Jenkins plugins Multiple Vulnerabilities (2022-04-12)
According to its their self-reported version number, the version of Jenkins plugins running on the remote web server are Jenkins CVS Plugin prior to 2.19.1, Credentials Plugin prior to 1112., Extended Choice Parameter Plugin 346. or earlier, Gerrit Trigger Plugin prior to 2.35.3, Git Parameter...
CVE-2022-29038
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-29038
CVE-2022-29038 affects Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier. Root cause: the plugin does not escape the name/description of Extended Choice parameters on parameter-views, causing a stored XSS. Impact: vulnerability exploitable by attackers with Item/Configure pe...