Stored Cross-site Scripting vulnerability in Jenkins Extended Choice Parameter Plugin
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier does not escape the value and description of extended choice parameters of radio buttons or check boxes type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
GHSA-CH63-6CMG-GWG2 Arbitrary JSON and property file read vulnerability in Jenkins Extended Choice Parameter Plugin
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller...
CSRF vulnerability and missing permission checks in Jenkins Extended Choice Parameter Plugin allow SSRF
Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier does not perform a permission check on form validation methods. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, these form validation methods do not require POST requests,...
Stored Cross-site Scripting vulnerability in Jenkins List Git Branches Parameter Plugin
Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the 'List Git branches and more' parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CSRF vulnerability and missing permission checks in Extended Choice Parameter Plugin allow SSRF
Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier does not perform a permission check on form validation methods. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, these form validation methods do not require POST requests,...
GHSA-X95C-QRQR-2V27 CSRF vulnerability and missing permission checks in Extended Choice Parameter Plugin allow SSRF
Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier does not perform a permission check on form validation methods. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, these form validation methods do not require POST requests,...
CVE-2022-27205
A missing permission check in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
CVE-2022-27203
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller...
Code injection
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller...
Cross-site request forgery (CSRF)
A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier allows attackers to connect to an attacker-specified URL...
Cross-site scripting
Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the 'List Git branches and more' parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-27212
CVE-2022-27212 concerns Jenkins List Git Branches Parameter Plugin versions 0.0.9 and earlier. The vulnerability is a stored cross-site scripting (XSS) flaw caused by the plugin’s failure to escape the names of the List Git branches (and more) parameter. An attacker with Item/Configure permission...
CVE-2022-27205
CVE-2022-27205 concerns Jenkins Extended Choice Parameter Plugin (346.vd87693c5a86c and earlier). The root cause is a missing permission check on form validation methods, allowing attackers with Overall/Read permission to connect to an attacker-specified URL (SSRF). The vulnerability is document...
CVE-2022-27204
A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier allows attackers to connect to an attacker-specified URL...
CVE-2022-27204
CVE-2022-27204 affects the Jenkins Extended Choice Parameter Plugin (346.vd87693c5a86c and earlier). The vulnerability is a cross-site request forgery (CSRF) flaw caused by missing permission checks on form validation methods, allowing attackers with Overall/Read permission to connect to an atta...
CVE-2022-27203
CVE-2022-27203 affects Jenkins Extended Choice Parameter Plugin (346.vd87693c5a86c and earlier). The vulnerability arises from a flaw in the plugin that allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files located on the Jenkins controller....
CVE-2022-27202
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier does not escape the value and description of extended choice parameters of radio buttons or check boxes type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...