Vulnerabilities (CVE)

Filtered by vendor Jenkins Subscribe
Filtered by product Dynamic Extended Choice Parameter
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-36902 1 Jenkins 1 Dynamic Extended Choice Parameter 2024-11-21 N/A 5.4 MEDIUM
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-34186 1 Jenkins 1 Dynamic Extended Choice Parameter 2024-11-21 3.5 LOW 5.4 MEDIUM
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2020-2124 1 Jenkins 1 Dynamic Extended Choice Parameter 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.