8 matches found
GHSA-JVVX-HMMR-RHGG Stored XSS vulnerability in Jenkins Dynamic Extended Choice Parameter plugin
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-36902
Jenkins Dynamic Extended Choice Parameter Plugin versions 1.0.1 and earlier are affected by a stored XSS vulnerability in Moded Extended Choice parameters because several fields are not escaped. This can be exploited by attackers with Item/Configure permissions. Affected products: Jenkins Dynamic...
GHSA-7558-6Q45-6X7M Cross-site Scripting in Jenkins Dynamic Extended Choice Parameter Plugin
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-34186
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-34186
The CVE-2022-34186 entry concerns the Jenkins Dynamic Extended Choice Parameter Plugin (version 1.0.1 and earlier), where the plugin does not escape the name and description of Moded Extended Choice parameters on parameter views. This creates a stored XSS vulnerability exploitable by attackers wi...
CVE-2020-2124
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2020-2124
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2020-2124
CVE-2020-2124 affects Jenkins Dynamic Extended Choice Parameter Plugin (versions ≤ 1.0.1). The vulnerability: passwords are stored unencrypted in job config.xml files on the Jenkins master, allowing access by users with Extended Read permission or master FS access. Impact is exposure of stored cr...