Skip to main content

Dynamic Extended Choice Parameter

3 CVEs product

Monthly

CVE-2022-36902 Maven MEDIUM This Month

Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Dynamic Extended Choice Parameter
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-34186 Maven MEDIUM This Month

Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Dynamic Extended Choice Parameter
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-2124 Maven MEDIUM This Month

Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Dynamic Extended Choice Parameter
NVD
CVSS 3.1
4.3
EPSS
0.7%
EPSS 1% CVSS 5.4
MEDIUM This Month

Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Dynamic Extended Choice Parameter
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Dynamic Extended Choice Parameter
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Dynamic Extended Choice Parameter
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy