Lucene search
K

8 matches found

OSV
OSV
added 2022/07/28 12:0 a.m.27 views

GHSA-JVVX-HMMR-RHGG Stored XSS vulnerability in Jenkins Dynamic Extended Choice Parameter plugin

Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

8CVSS5.5AI score0.00648EPSS
Exploits0References4
CVE
CVE
added 2022/07/27 2:25 p.m.98 views

CVE-2022-36902

Jenkins Dynamic Extended Choice Parameter Plugin versions 1.0.1 and earlier are affected by a stored XSS vulnerability in Moded Extended Choice parameters because several fields are not escaped. This can be exploited by attackers with Item/Configure permissions. Affected products: Jenkins Dynamic...

5.4CVSS5.2AI score0.00648EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/06/24 12:0 a.m.43 views

GHSA-7558-6Q45-6X7M Cross-site Scripting in Jenkins Dynamic Extended Choice Parameter Plugin

Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

8CVSS5.8AI score0.00753EPSS
Exploits0References3
OSV
OSV
added 2022/06/23 5:15 p.m.25 views

CVE-2022-34186

Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS5.3AI score
Exploits0References1
CVE
CVE
added 2022/06/22 2:41 p.m.95 views

CVE-2022-34186

The CVE-2022-34186 entry concerns the Jenkins Dynamic Extended Choice Parameter Plugin (version 1.0.1 and earlier), where the plugin does not escape the name and description of Moded Extended Choice parameters on parameter views. This creates a stored XSS vulnerability exploitable by attackers wi...

5.4CVSS5.2AI score0.00753EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2020/02/12 3:15 p.m.24 views

CVE-2020-2124

Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system...

4.3CVSS4.6AI score0.00691EPSS
Exploits0References2
OSV
OSV
added 2020/02/12 3:15 p.m.20 views

CVE-2020-2124

Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system...

4.3CVSS6.8AI score
Exploits0References2
CVE
CVE
added 2020/02/12 2:35 p.m.70 views

CVE-2020-2124

CVE-2020-2124 affects Jenkins Dynamic Extended Choice Parameter Plugin (versions ≤ 1.0.1). The vulnerability: passwords are stored unencrypted in job config.xml files on the Jenkins master, allowing access by users with Extended Read permission or master FS access. Impact is exposure of stored cr...

4.3CVSS4.6AI score0.00691EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder