VYPR

Maven package

com.moded.extendedchoiceparameter/dynamic_extended_choice_parameter

pkg:maven/com.moded.extendedchoiceparameter/dynamic_extended_choice_parameter

Vulnerabilities (3)

  • CVE-2022-36902Jul 27, 2022
    affected <= 1.0.1

    Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

  • CVE-2022-34186Jun 22, 2022
    affected <= 1.0.1

    Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Config

  • CVE-2020-2124Feb 12, 2020
    affected <= 1.0.1

    Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.