Maven package
org.jenkins-ci.plugins/extended-choice-parameter
pkg:maven/org.jenkins-ci.plugins/extended-choice-parameter
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-29038 | — | <= 346.vd87693c5a | — | Apr 12, 2022 | Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configu | ||
| CVE-2022-27205 | — | <= 346.vd87693c5a | — | Mar 15, 2022 | A missing permission check in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | ||
| CVE-2022-27204 | — | < 356.va_90a_94ca_62ec | 356.va_90a_94ca_62ec | Mar 15, 2022 | A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers to connect to an attacker-specified URL. | ||
| CVE-2022-27203 | — | <= 346.vd87693c5a | — | Mar 15, 2022 | Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller. | ||
| CVE-2022-27202 | — | <= 346.vd87693c5a | — | Mar 15, 2022 | Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the value and description of extended choice parameters of radio buttons or check boxes type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/ |
- CVE-2022-29038Apr 12, 2022affected <= 346.vd87693c5a
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configu
- CVE-2022-27205Mar 15, 2022affected <= 346.vd87693c5a
A missing permission check in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
- CVE-2022-27204Mar 15, 2022affected < 356.va_90a_94ca_62ecfixed 356.va_90a_94ca_62ec
A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers to connect to an attacker-specified URL.
- CVE-2022-27203Mar 15, 2022affected <= 346.vd87693c5a
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller.
- CVE-2022-27202Mar 15, 2022affected <= 346.vd87693c5a
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the value and description of extended choice parameters of radio buttons or check boxes type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/