Maven package
aendter.jenkins.plugins/filesystem-list-parameter-plugin
pkg:maven/aendter.jenkins.plugins/filesystem-list-parameter-plugin
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-54004 | — | < 0.0.15 | 0.0.15 | Nov 27, 2024 | Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system. | ||
| CVE-2022-34187 | Med | 5.4 | <= 0.0.7 | — | Jun 23, 2022 | Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not escape the name and description of File system objects list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure p |
- CVE-2024-54004Nov 27, 2024affected < 0.0.15fixed 0.0.15
Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system.
- affected <= 0.0.7
Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not escape the name and description of File system objects list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure p