GHSA-gp7c-xmmm-7pqr

Source

https://github.com/advisories/GHSA-gp7c-xmmm-7pqr

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-gp7c-xmmm-7pqr/GHSA-gp7c-xmmm-7pqr.json

Aliases

CVE-2022-29038

Published

2022-04-13T00:00:18Z

Modified

2024-02-16T08:13:43.103323Z

Details

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

References

Affected packages

Maven / org.jenkins-ci.plugins:extended-choice-parameter

Package

Name: org.jenkins-ci.plugins:extended-choice-parameter

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Last affected

346.vd87693c5a

Affected versions

0.*

0.18

0.19

0.20

0.21

0.22

0.23

0.24

0.25

0.26

0.27

0.28

0.30

0.31

0.32

0.33

0.34

0.35

0.36

0.37

0.38

0.39

0.40

0.41

0.42

0.43

0.44

0.45

0.46

0.47

0.48

0.50

0.51

0.52

0.53

0.54

0.55

0.56

0.59

0.61

0.63

0.64

0.65

0.68

0.69

0.70

0.71

0.72

0.74

0.75

0.76

0.78

0.82

0.84

342.*

342.v91c1905a_a_eb_a_

343.*

343.v3a_a_d43ce47dd