Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1qdnZ4LWhtbXItcmhnZ84AAttC

Stored XSS vulnerability in Jenkins Dynamic Extended Choice Parameter plugin

Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Permalink: https://github.com/advisories/GHSA-jvvx-hmmr-rhgg
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qdnZ4LWhtbXItcmhnZ84AAttC
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 1 year ago
Updated: about 1 year ago


CVSS Score: 8.0
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Identifiers: GHSA-jvvx-hmmr-rhgg, CVE-2022-36902
References:
Blast Radius: 1.0

Affected Packages

maven:com.moded.extendedchoiceparameter:dynamic_extended_choice_parameter
Affected Version Ranges: <= 1.0.1
No known fixed version