6 matches found
CVE-2022-29040
CVE-2022-29040 affects the Jenkins Git Parameter Plugin (version 0.9.15 and earlier). The issue is a stored XSS vulnerability caused by the plugin not escaping the name and description of Git parameters on parameter display views, enabling exploitation by attackers with Item/Configure permission....
CVE-2020-2112
CVE-2020-2112 affects Jenkins Git Parameter Plugin (versions
CVE-2020-2238
The CVE-2020-2238 issue affects the Jenkins Git Parameter Plugin, where versions up to 0.9.12 do not escape the repository field on the Build with Parameters page, enabling a stored XSS vulnerability exploitable by attackers with Job/Configure permissions. Connected sources confirm the root cause...
CVE-2020-2113
CVE-2020-2113 affects Jenkins Git Parameter Plugin versions 0.9.11 and earlier. The UI shows the default value without escaping, enabling stored XSS exploitable by users with Job/Configure permission. Affected component is the Git Parameter Plugin’s UI input handling; root cause is lack of escapi...
CVE-2025-53652
Summary (CVE-2025-53652) : Jenkins Git Parameter Plugin (versions 439.vb_0e46ca_14534 and earlier) does not validate that the submitted Git parameter matches an offered choice. With Item/Build permission, an attacker can inject arbitrary values into Git parameters, which can propagate to the SCM ...
CVE-2026-57286
CVE-2026-57286 describes a missing permission check in the Jenkins Git Parameter Plugin (462.vdcf3df2ed2ca_ and earlier). This allows users with Item/Read permission to obtain information about the SCM repository used by a job (e.g., branch names, tag names, and revision metadata). The impact is ...