VYPR

Git Parameter Plugin

by Jenkins Project

Source repositories

CVEs (6)

  • CVE-2022-29040MedApr 12, 2022
    risk 0.35cvss 5.4epss 0.01

    Jenkins Git Parameter Plugin 0.9.15 and earlier does not escape the name and description of Git parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

  • CVE-2020-2238MedSep 1, 2020
    risk 0.28cvss 5.4epss 0.01

    Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

  • CVE-2020-2113MedFeb 12, 2020
    risk 0.28cvss 5.4epss 0.01

    Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the default value shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission.

  • CVE-2020-2112MedFeb 12, 2020
    risk 0.28cvss 5.4epss 0.01

    Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission.

  • CVE-2026-57286Jun 24, 2026
    risk 0.00cvss epss 0.00

    A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca_ and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such as branch names, tag names, and revision metadata.

  • CVE-2025-53652HigJul 9, 2025
    risk 0.00cvss 8.2epss 0.01

    Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered choices, allowing attackers with Item/Build permission to inject arbitrary values into Git parameters.