Skip to main content

Extended Choice Parameter

5 CVEs product

Monthly

CVE-2022-29038 Maven MEDIUM This Month

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Extended Choice Parameter
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-27205 Maven MEDIUM This Month

A missing permission check in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Extended Choice Parameter
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-27204 Maven HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers to connect to an attacker-specified URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Extended Choice Parameter
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-27203 Maven MEDIUM This Month

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Path Traversal Extended Choice Parameter
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-27202 Maven MEDIUM This Month

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the value and description of extended choice parameters of radio buttons or check boxes type, resulting in a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Extended Choice Parameter
NVD
CVSS 3.1
5.4
EPSS
0.6%
EPSS 1% CVSS 5.4
MEDIUM This Month

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Extended Choice Parameter
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A missing permission check in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Extended Choice Parameter
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers to connect to an attacker-specified URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Extended Choice Parameter
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Path Traversal +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the value and description of extended choice parameters of radio buttons or check boxes type, resulting in a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Extended Choice Parameter
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy