VYPR

Jenkins Image Tag Parameter Plugin

by Jenkins Project

CVEs (12)

  • CVE-2023-32986 | High | May 16, 2023
    risk 0.55 | cvss 8.8 | epss 0.63

    Jenkins File Parameter Plugin 285.v757c5b_67a_c25 and earlier does not restrict the name (and resulting uploaded file name) of Stashed File Parameters, allowing attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system…

  • CVE-2023-30516 | Med | Apr 12, 2023
    risk 0.42 | cvss 6.5 | epss 0.00

    Jenkins Image Tag Parameter Plugin 2.0 improperly introduces an option to opt out of SSL/TLS certificate validation when connecting to Docker registries, resulting in job configurations using Image Tag Parameters that were created before 2.0 having SSL/TLS certificate validation…

  • CVE-2022-34196 | Med | Jun 23, 2022
    risk 0.35 | cvss 5.4 | epss 0.01

    Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of REST list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

  • CVE-2022-34194 | Med | Jun 23, 2022
    risk 0.35 | cvss 5.4 | epss 0.01

    Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape the name and description of Readonly String and Readonly Text parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with…

  • CVE-2022-34183 | Med | Jun 23, 2022
    risk 0.35 | cvss 5.4 | epss 0.01

    Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape the name and description of Agent Server parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

  • CVE-2022-27195 | Med | Mar 15, 2022
    risk 0.29 | cvss 5.5 | epss 0.00

    Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their `build.xml` files. These values are stored unencrypted and can be viewed by…

  • CVE-2021-21635 | Med | Mar 30, 2021
    risk 0.29 | cvss 5.4 | epss 0.09

    Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a parameter name reference in embedded JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

  • CVE-2022-34188 | Med | Jun 23, 2022
    risk 0.28 | cvss 5.4 | epss 0.01

    Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the name and description of Hidden Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

  • CVE-2022-25191 | Med | Feb 15, 2022
    risk 0.28 | cvss 5.4 | epss 0.01

    Jenkins Agent Server Parameter Plugin 1.0 and earlier does not escape parameter names of agent server parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

  • CVE-2022-34189 | Med | Jun 23, 2022
    risk 0.00 | cvss 5.4 | epss 0.01

    Jenkins Image Tag Parameter Plugin 1.10 and earlier does not escape the name and description of Image Tag parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

  • CVE-2022-34185 | Med | Jun 23, 2022
    risk 0.00 | cvss 5.4 | epss 0.01

    Jenkins Date Parameter Plugin 0.0.4 and earlier does not escape the name and description of Date parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

  • CVE-2022-30963 | Med | May 17, 2022
    risk 0.00 | cvss 5.4 | epss 0.01

    Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name and description of JDK parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.