33 matches found
EUVD-2022-1418
Malicious code in bioql PyPI...
GHSA-JVVX-HMMR-RHGG Stored XSS vulnerability in Jenkins Dynamic Extended Choice Parameter plugin
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-36902
Jenkins Dynamic Extended Choice Parameter Plugin versions 1.0.1 and earlier are affected by a stored XSS vulnerability in Moded Extended Choice parameters because several fields are not escaped. This can be exploited by attackers with Item/Configure permissions. Affected products: Jenkins Dynamic...
GHSA-7558-6Q45-6X7M Cross-site Scripting in Jenkins Dynamic Extended Choice Parameter Plugin
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-34186
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-34186
The CVE-2022-34186 entry concerns the Jenkins Dynamic Extended Choice Parameter Plugin (version 1.0.1 and earlier), where the plugin does not escape the name and description of Moded Extended Choice parameters on parameter views. This creates a stored XSS vulnerability exploitable by attackers wi...
Jenkins Enterprise and Operations Center 2.277.x < 2.277.43.0.8 / 2.303.x < 2.303.30.0.7 / 2.332.1.5 Multiple Vulnerabilities (CloudBees Security Advisory 2022-03-15)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.277.x prior to 2.277.43.0.8, 2.303.x prior to 2.303.30.0.7, or 2.x prior to 2.332.1.5. It is, therefore, affected by multiple vulnerabilities, including the following: - A cross-site request forge...
Stored Cross-site Scripting vulnerabilities in Jenkins Extended Choice Parameter Plugin
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
GHSA-GP7C-XMMM-7PQR Stored Cross-site Scripting vulnerabilities in Jenkins Extended Choice Parameter Plugin
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-29038
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
Cross site scripting
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-29038
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-29038
CVE-2022-29038 affects Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier. Root cause: the plugin does not escape the name/description of Extended Choice parameters on parameter-views, causing a stored XSS. Impact: vulnerability exploitable by attackers with Item/Configure pe...
CSRF vulnerability and missing permission checks in Jenkins Extended Choice Parameter Plugin allow SSRF
Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier does not perform a permission check on form validation methods. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, these form validation methods do not require POST requests,...
Stored Cross-site Scripting vulnerability in Jenkins Extended Choice Parameter Plugin
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier does not escape the value and description of extended choice parameters of radio buttons or check boxes type, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
GHSA-FQPX-XFJR-2QR9 CSRF vulnerability and missing permission checks in Jenkins Extended Choice Parameter Plugin allow SSRF
Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier does not perform a permission check on form validation methods. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, these form validation methods do not require POST requests,...
GHSA-CH63-6CMG-GWG2 Arbitrary JSON and property file read vulnerability in Jenkins Extended Choice Parameter Plugin
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller...
CSRF vulnerability and missing permission checks in Extended Choice Parameter Plugin allow SSRF
Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier does not perform a permission check on form validation methods. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, these form validation methods do not require POST requests,...
GHSA-X95C-QRQR-2V27 CSRF vulnerability and missing permission checks in Extended Choice Parameter Plugin allow SSRF
Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier does not perform a permission check on form validation methods. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, these form validation methods do not require POST requests,...
CVE-2022-27203
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller...