CVE-2022-36902
https://notcve.org/view.php?id=CVE-2022-36902
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
• http://www.openwall.com/lists/oss-security/2022/07/27/1
• https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2682
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34186
https://notcve.org/view.php?id=CVE-2022-34186
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
• https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-2124
https://notcve.org/view.php?id=CVE-2020-2124
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.
• http://www.openwall.com/lists/oss-security/2020/02/12/3
• https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1560
• CWE-522: Insufficiently Protected Credentials