CVE-2022-34198
https://notcve.org/view.php?id=CVE-2022-34198
Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier does not escape the name and description of Stash Branch parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
• https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-2210
https://notcve.org/view.php?id=CVE-2020-2210
Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
• http://www.openwall.com/lists/oss-security/2020/07/02/7
• https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1656
• CWE-319: Cleartext Transmission of Sensitive Information