Extended Choice Parameter Security Vulnerabilities and Issues — Extended Choice Parameter CVE List

Lucene search

JenkinsExtended Choice Parameter

5 matches found

CVE•added 2022/03/15 5:15 p.m.•151 views

CVE-2022-27203

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller.

6.5CVSS6.5AI score0.00566EPSS

CVE•added 2022/03/15 5:15 p.m.•111 views

CVE-2022-27202

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the value and description of extended choice parameters of radio buttons or check boxes type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permissio...

5.4CVSS5.4AI score0.14252EPSS

CVE•added 2022/03/15 5:15 p.m.•111 views

CVE-2022-27205

A missing permission check in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.

4.3CVSS4.7AI score0.00906EPSS

CVE•added 2022/03/15 5:15 p.m.•103 views

CVE-2022-27204

A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers to connect to an attacker-specified URL.

8.8CVSS8.5AI score0.0008EPSS

CVE•added 2022/04/12 8:15 p.m.•103 views

CVE-2022-29038

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

5.4CVSS5.4AI score0.2585EPSS