Lucene search
K
JenkinsRecent

1464 matches found

Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/30 12:0 a.m.•13 views

Missing permission checks in build-metrics

build-metrics 1.3 and earlier does not perform a permission check in multiple HTTP endpoints. This allows attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them. As of publication of this advisory, there is no fix. Learn why we announce this...

4.3CVSS5AI score0.00644EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/30 12:0 a.m.•6 views

Missing permission checks in xlrelease-plugin allow enumerating credentials IDs

xlrelease-plugin 22.0.0 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another...

4.3CVSS5.6AI score0.00524EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/30 12:0 a.m.•6 views

Incorrect permission check in requests allows viewing pending requests

requests 2.2.16 and earlier does not correctly perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to view the list of pending requests. NOTE: This is basically the same vulnerability as SECURITY-1995, whose fix was ineffective. requests 2.2.17...

4.3CVSS5AI score0.00516EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/30 12:0 a.m.•6 views

CSRF vulnerability and missing permission checks in xlrelease-plugin allow capturing credentials

xlrelease-plugin 22.0.0 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing...

6.5CVSS6.3AI score0.00647EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/30 12:0 a.m.•8 views

Stored XSS vulnerability in plot

plot 2.1.10 and earlier does not escape plot descriptions. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. As of publication of this advisory, there is no fix. Learn why we announce this...

8CVSS5.3AI score0.80407EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/30 12:0 a.m.•6 views

Stored XSS vulnerability in ec2-deployment-dashboard

ec2-deployment-dashboard 1.0.10 and earlier does not escape environment names on its Deployment Dashboard view. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with View/Configure permission. As of publication of this advisory, there is no fix. Learn why w...

8CVSS5.3AI score0.00602EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/30 12:0 a.m.•5 views

Missing permission checks in ec2-deployment-dashboard allow enumerating credentials IDs

ec2-deployment-dashboard 1.0.10 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using anoth...

4.3CVSS5.1AI score0.00684EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/30 12:0 a.m.•6 views

CSRF vulnerability and missing permission checks in ec2-deployment-dashboard

ec2-deployment-dashboard 1.0.10 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified username and password. Additionally, these endpoints do not require PO...

5.4CVSS4.9AI score0.00558EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/30 12:0 a.m.•5 views

Tokens stored in plain text by build-notifications

build-notifications 1.5.0 and earlier stores multiple tokens unencrypted in its global configuration files on the Jenkins controller as part of its configuration: Pushover Application Token in tools.devnull.jenkins.plugins.buildnotifications.PushoverNotifier.xml Slack Bot Token in...

4.3CVSS5AI score0.00557EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/30 12:0 a.m.•9 views

Password stored in plain text by skype-notifier

skype-notifier 1.1.0 and earlier stores a password unencrypted in its global configuration file hudson.plugins.skype.im.transport.SkypePublisher.xml on the Jenkins controller as part of its configuration. This password can be viewed by users with access to the Jenkins controller file system. As o...

6.5CVSS6.4AI score0.00686EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/30 12:0 a.m.•6 views

Token stored in plain text by cisco-spark

cisco-spark 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file org.jenkinsci.plugins.spark.SparkNotifier.xml on the Jenkins controller as part of its configuration. These bearer tokens can be viewed by users with access to the Jenkins controller file system. As of...

4.3CVSS5AI score0.00557EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/30 12:0 a.m.•9 views

Password stored in plain text by rqm-plugin

rqm-plugin 2.8 and earlier stores a password unencrypted in its global configuration file net.praqma.jenkins.rqm.RqmBuilder.xml on the Jenkins controller as part of its configuration. This password can be viewed by users with access to the Jenkins controller file system. As of publication of this...

6.5CVSS6.4AI score0.00686EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/30 12:0 a.m.•8 views

Missing permission check in xpath-config-viewer allows accessing XPath Configuration Viewer page

xpath-config-viewer 1.1.1 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to access the XPath Configuration Viewer page. Given appropriate XPath expressions, this page grants access to job configuration XML data to every user...

4.3CVSS5AI score0.00557EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/30 12:0 a.m.•7 views

Passwords stored in plain text by hpe-network-virtualization

hpe-network-virtualization 1.0 stores passwords unencrypted in its global configuration file org.jenkinsci.plugins.nvemulation.plugin.NvEmulationBuilder.xml on the Jenkins controller as part of its configuration. These passwords can be viewed by users with access to the Jenkins controller file...

6.5CVSS6.4AI score0.00686EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/22 12:0 a.m.•6 views

Improper authorization in embeddable-build-status bypasses ViewStatus permission requirement

embeddable-build-status 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access. This allows attackers without any permissions to obtain the build status badge icon for any attacker-specified job and/or...

7.5CVSS7.2AI score0.01137EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/22 12:0 a.m.•7 views

CSRF vulnerability and missing permission checks in convertigo-mobile-platform

convertigo-mobile-platform 1.1 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this form validation method does not require POST requests, resulting ...

8.8CVSS6.8AI score0.00574EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/22 12:0 a.m.•6 views

Reflected XSS vulnerability in nested-view

nested-view 1.20 through 1.25 both inclusive does not escape search parameters. This results in a reflected cross-site scripting XSS vulnerability. nested-view 1.26 escapes search parameters...

8.8CVSS5.8AI score0.00911EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/22 12:0 a.m.•11 views

Agent-to-controller security bypass in xunit

xunit 3.0.8 and earlier implements an agent-to-controller message that creates a user-specified directory if it doesn't exist, and parsing files inside it as test results. This allows attackers able to control agent processes to create an arbitrary directory on the Jenkins controller or to obtain...

9.1CVSS8.6AI score0.01213EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/22 12:0 a.m.•6 views

Observable timing discrepancy allows determining username validity

In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm. This...

7.5CVSS7.2AI score0.01229EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/22 12:0 a.m.•7 views

CSRF vulnerability and missing permission check in vmware-vrealize-orchestrator

vmware-vrealize-orchestrator 3.0 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL. Additionally, this HTTP endpoint does not require POST requests, resulting in a...

6.5CVSS6AI score0.00624EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/22 12:0 a.m.•6 views

Passwords stored in plain text by Squash TM Publisher (Squash4Jenkins)

Squash TM Publisher Squash4Jenkins 1.0.0 and earlier stores passwords unencrypted in its global configuration file org.jenkinsci.squashtm.core.SquashTMPublisher.xml on the Jenkins controller as part of its configuration. These passwords can be viewed by users with access to the Jenkins controller...

6.5CVSS6.4AI score0.00691EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/22 12:0 a.m.•6 views

Multiple XSS vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in Jenkins 2.355 and earlier, LTS 2.332.3 and earlier allow attackers to inject HTML and JavaScript into the Jenkins UI: SECURITY-2779 CVE-2022-34170: Since Jenkins 2.320 and LTS 2.332.1, help icon tooltips no longer escape the feature name,...

8CVSS5.3AI score0.01361EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/22 12:0 a.m.•8 views

Stored XSS vulnerability in junit

junit 1119.vaa5e9068dad7 and earlier does not escape descriptions of test results. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Run/Update permission. junit 1119.1121.vc43d0fc45561 applies the configured markup formatter to descriptions of test...

8CVSS5.3AI score0.77007EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/22 12:0 a.m.•6 views

Reflected XSS vulnerability in embeddable-build-status

embeddable-build-status 2.0.3 allows specifying a link query parameter that build status badges will link to, without restricting possible values. This results in a reflected cross-site scripting XSS vulnerability. embeddable-build-status 2.0.4 limits URLs to http and https protocols and correctl...

8.8CVSS5.8AI score0.00911EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/22 12:0 a.m.•6 views

CSRF vulnerability and missing permission checks in jianliao

jianliao 1.1 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL. Additionally, this form validation method does not require POST requests, resulting in...

6.5CVSS5.4AI score0.00525EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/22 12:0 a.m.•6 views

CSRF vulnerability and missing permission check in threadfix

threadfix 1.5.4 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this form validation method does not require POST requests, resulting in a cross-site...

6.5CVSS6.3AI score0.00617EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/22 12:0 a.m.•7 views

Path traversal vulnerability in embeddable-build-status

embeddable-build-status 2.0.3 and earlier allows specifying a style query parameter that is used to choose a different SVG image style without restricting possible values. This results in a relative path traversal vulnerability, allowing attackers without Overall/Read permission to specify paths ...

7.5CVSS7.3AI score0.01596EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/22 12:0 a.m.•6 views

Stored XSS vulnerabilities in multiple plugins providing additional parameter types

Multiple plugins do not escape the name and description of the parameter types they provide: Agent Server Parameter 1.1 and earlier SECURITY-2731 / CVE-2022-34183 CRX Content Package Deployer 1.9 and earlier SECURITY-2727 / CVE-2022-34184 Date Parameter Plugin 0.0.4 and earlier SECURITY-2711 /...

8CVSS5.4AI score0.00759EPSS
Exploits0Affected Software16
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/22 12:0 a.m.•8 views

User passwords stored in plain text by easyqa

easyqa 1.0 and earlier stores user passwords unencrypted in its global configuration file EasyQAPluginProperties.xml on the Jenkins controller as part of its configuration. These passwords can be viewed by users with access to the Jenkins controller file system. As of publication of this advisory...

6.5CVSS6.4AI score0.00651EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/22 12:0 a.m.•10 views

Arbitrary file write vulnerability in pipeline-input-step

pipeline-input-step 448.v37cea9a10a70 and earlier allows Pipeline authors to specify file parameters for Pipeline input steps even though they are unsupported. Although the uploaded file is not copied to the workspace, Jenkins archives the file on the controller as part of build metadata using th...

8.8CVSS7.4AI score0.01478EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/22 12:0 a.m.•10 views

Passwords stored in plain text by convertigo-mobile-platform

convertigo-mobile-platform 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These passwords can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. As of publication of...

6.5CVSS6.4AI score0.00651EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/22 12:0 a.m.•6 views

CSRF vulnerability and missing permission checks in easyqa

easyqa 1.0 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server. Additionally, this form validation method does not require POST requests, resulting in a...

8.8CVSS6.2AI score0.00525EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/22 12:0 a.m.•8 views

CSRF vulnerability and missing permission checks in beaker-builder

beaker-builder 1.10 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this form validation method does not require POST requests, resulting in a...

6.5CVSS5.4AI score0.00557EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/22 12:0 a.m.•10 views

Unauthorized view fragment access

Jenkins uses the Stapler web framework to render its UI views. These views are frequently composed of several view fragments, enabling plugins to extend existing views with more content. Before SECURITY-534 was fixed in Jenkins 2.186 and LTS 2.176.2, attackers could in some cases directly access ...

7.5CVSS7.2AI score0.01297EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/05/17 12:0 a.m.•8 views

Multiple SCM plugins can check out from the controller file system

SCMs support a number of different URL schemes, including local file system paths e.g. using file: URLs. Historically in Jenkins, only agents checked out from SCM, and if multiple projects share the same agent, there is no expected isolation between builds besides using different workspaces unles...

7.5CVSS6.4AI score0.01382EPSS
Exploits0Affected Software3
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/05/17 12:0 a.m.•7 views

User-scoped credentials exposed to other users by blueocean-pipeline-scm-api

When pipelines are created using the pipeline creation wizard in Blue Ocean, the credentials used are stored in the per-user credentials store of the user creating the pipeline. To allow pipelines to use this credential to scan repositories and checkout from SCM, the Blue Ocean Credentials Provid...

6.5CVSS6.3AI score0.00922EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/05/17 12:0 a.m.•8 views

Missing permission check in ssh allows enumerating credentials IDs

ssh 2.6.1 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability. As of...

4.3CVSS5.1AI score0.00699EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/05/17 12:0 a.m.•7 views

CSRF vulnerability and missing permission checks in ssh allow capturing credentials

ssh 2.6.1 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS6.9AI score0.00818EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/05/17 12:0 a.m.•7 views

Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in workflow-cps

workflow-cps allows pipelines to load Groovy source files. This is intended to be used to allow Global Shared Libraries to execute without sandbox protection. In workflow-cps 2689.v434009a31bf1 and earlier, any Groovy source files bundled with Jenkins core and plugins could be loaded this way and...

8.5CVSS7.8AI score0.01328EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/05/17 12:0 a.m.•8 views

CSRF vulnerability in script-security

script-security 1158.v7c1b73a69a08 and earlier does not require POST requests for a form validation endpoint, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver. This form...

4.3CVSS5.6AI score0.0061EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/05/17 12:0 a.m.•7 views

Multiple vulnerabilities in Windows Remote Command library in windows-slaves

windows-slaves 1.8 and earlier includes the Windows Remote Command library. It provides a general-purpose remote command execution capability that Jenkins uses to check if Java is available, and if not, to install it. This library has a buffer overflow vulnerability that may allow users able to...

8.8CVSS8.7AI score0.01717EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/05/17 12:0 a.m.•7 views

CSRF vulnerability and missing permission checks in blueocean

blueocean 1.25.3 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to send requests to an attacker-specified URL. Additionally, these endpoints do not require POST requests, resulting in a cross-site request forgery CSRF...

6.5CVSS6.3AI score0.00835EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/05/17 12:0 a.m.•7 views

Missing permission check in gitlab-plugin allows enumerating credentials IDs

gitlab-plugin 1.5.31 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability...

6.5CVSS6.4AI score0.00818EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/05/17 12:0 a.m.•6 views

Stored XSS vulnerability in rundeck

rundeck 3.6.10 and earlier does not restrict URL schemes in Rundeck webhook submissions. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to submit crafted Rundeck webhook payloads. rundeck 3.6.11 sanitizes URLs submitted in Rundeck webhook payloads...

8CVSS5.3AI score0.71943EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/05/17 12:0 a.m.•7 views

Stored XSS vulnerabilities in multiple plugins providing additional parameter types

Multiple plugins do not escape the name and description of the parameter types they provide: Application Detector Plugin 1.0.8 and earlier SECURITY-2732 / CVE-2022-30960 Autocomplete Parameter Plugin 1.1 and earlier SECURITY-2729 / CVE-2022-30961 Global Variable String Parameter Plugin 1.2 and...

8CVSS5.4AI score0.0073EPSS
Exploits0Affected Software9
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/05/17 12:0 a.m.•7 views

XXE vulnerability in Storable Configs

Storable Configs 1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers with Item/Configure permission to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side...

8.8CVSS7.8AI score0.01148EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/05/17 12:0 a.m.•6 views

CSRF vulnerability in Autocomplete Parameter results in RCE

Autocomplete Parameter 1.1 and earlier does not require POST requests for a form validation endpoint executing a provided Groovy script, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to execute arbitrary code without sandbox protection if the...

8.8CVSS8.3AI score0.00836EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/05/17 12:0 a.m.•7 views

Stored XSS vulnerability in Autocomplete Parameter

Autocomplete Parameter 1.1 and earlier references Dropdown Autocomplete parameter and Auto Complete String parameter names in an unsafe manner from Javascript embedded in view definitions. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure...

8CVSS5.3AI score0.00749EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/04/12 12:0 a.m.•10 views

CSRF vulnerability and missing permission checks in publish-over-ftp

publish-over-ftp 1.16 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to connect to an FTP server using attacker-specified credentials. Additionally, these form validation methods do not require POST...

8.8CVSS6.3AI score0.0072EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/04/12 12:0 a.m.•8 views

Stored XSS vulnerabilities in multiple plugins providing additional parameter types

Multiple plugins do not escape the name and description of the parameter types they provide: Credentials Plugin 1111.v35a307992395 and earlier SECURITY-2690 / CVE-2022-29036 CVS Plugin 2.19 and earlier SECURITY-2700 / CVE-2022-29037 Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier...

8CVSS5.8AI score0.7855EPSS
Exploits0Affected Software11
Total number of security vulnerabilities1464