3 results (0.005 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Jenkins Dynamic Extended Choice Parameter Plugin versiones 1.0.1 y anteriores, no escapa de varios campos de los parámetros Moded Extended Choice, resultando en una vulnerabilidad de tipo cross-site scripting (XSS) almacenado explotable por atacantes con permiso Item/Configure • http://www.openwall.com/lists/oss-security/2022/07/27/1 https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2682 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Jenkins Dynamic Extended Choice Parameter Plugin versiones 1.0.1 y anteriores, no escapa el nombre y la descripción de los parámetros Moded Extended Choice en las visualizaciones que muestran parámetros, resultando en una vulnerabilidad de tipo cross-site scripting (XSS) almacenado, explotable por atacantes con permiso Item/Configure • https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. Jenkins Dynamic Extended Choice Parameter Plugin versiones 1.0.1 y anteriores, almacenan una contraseña sin cifrar en los archivos config.xml de trabajo en el maestro Jenkins, donde puede ser visualizada por parte de usuarios con permiso Extended Read o acceso al sistema de archivos maestro. • http://www.openwall.com/lists/oss-security/2020/02/12/3 https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1560 • CWE-522: Insufficiently Protected Credentials •