Stored Cross-site Scripting vulnerabilities in Jenkins Extended Choice Parameter Plugin

2022-04-1300:00:18

Google

osv.dev

0.001 Low

EPSS

Percentile

22.0%

JSON

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

CPENameOperatorVersion
org.jenkins-ci.plugins:extended-choice-parametereq0.36
org.jenkins-ci.plugins:extended-choice-parametereq0.64
org.jenkins-ci.plugins:extended-choice-parametereq0.69
org.jenkins-ci.plugins:extended-choice-parametereq0.54
org.jenkins-ci.plugins:extended-choice-parametereq0.19
org.jenkins-ci.plugins:extended-choice-parametereq0.43
org.jenkins-ci.plugins:extended-choice-parametereq0.35
org.jenkins-ci.plugins:extended-choice-parametereq0.53
org.jenkins-ci.plugins:extended-choice-parametereq0.75
org.jenkins-ci.plugins:extended-choice-parametereq0.24

Name	Operator	Version
org.jenkins-ci.plugins:extended-choice-parameter	eq	0.36
org.jenkins-ci.plugins:extended-choice-parameter	eq	0.64
org.jenkins-ci.plugins:extended-choice-parameter	eq	0.69
org.jenkins-ci.plugins:extended-choice-parameter	eq	0.54
org.jenkins-ci.plugins:extended-choice-parameter	eq	0.19
org.jenkins-ci.plugins:extended-choice-parameter	eq	0.43
org.jenkins-ci.plugins:extended-choice-parameter	eq	0.35
org.jenkins-ci.plugins:extended-choice-parameter	eq	0.53
org.jenkins-ci.plugins:extended-choice-parameter	eq	0.75
org.jenkins-ci.plugins:extended-choice-parameter	eq	0.24