Parameterized Trigger Security Vulnerabilities

CVE-2017-1000084

Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins.

CVE-2022-27195

Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their build.xml files. These values are stored unencrypted and can be viewed by users with access to th...