Maven package
com.moded.extendedchoiceparameter/dynamic_extended_choice_parameter
pkg:maven/com.moded.extendedchoiceparameter/dynamic_extended_choice_parameter
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-36902 | — | <= 1.0.1 | — | Jul 27, 2022 | Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||
| CVE-2022-34186 | — | <= 1.0.1 | — | Jun 22, 2022 | Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Config | ||
| CVE-2020-2124 | — | <= 1.0.1 | — | Feb 12, 2020 | Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. |
- CVE-2022-36902Jul 27, 2022affected <= 1.0.1
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
- CVE-2022-34186Jun 22, 2022affected <= 1.0.1
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Config
- CVE-2020-2124Feb 12, 2020affected <= 1.0.1
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.