cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-36902,https://securityvulnerability.io/vulnerability/CVE-2022-36902,Stored Cross-Site Scripting Vulnerability in Jenkins Dynamic Extended Choice Parameter Plugin by Jenkins,"The Jenkins Dynamic Extended Choice Parameter Plugin versions up to 1.0.1 contain a vulnerability that allows for stored cross-site scripting. This issue arises because the plugin does not properly escape multiple fields associated with Moded Extended Choice parameters. An attacker with Item/Configure permissions can exploit this vulnerability to execute arbitrary JavaScript in the context of the users interacting with the affected system, potentially leading to unauthorized actions and data exposure.",Jenkins,Jenkins Dynamic Extended Choice Parameter Plugin,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-07-27T14:25:15.000Z,0
CVE-2022-34186,https://securityvulnerability.io/vulnerability/CVE-2022-34186,Stored Cross-Site Scripting Vulnerability in Jenkins Dynamic Extended Choice Parameter Plugin,"The Dynamic Extended Choice Parameter Plugin for Jenkins has a vulnerability that allows attackers with Item/Configure permissions to inject malicious scripts. This occurs because the plugin does not properly escape the name and description of Moded Extended Choice parameters when displayed on views, leading to potential exploitation via stored cross-site scripting (XSS) attacks. Users are advised to upgrade to the latest versions to mitigate this security risk.",Jenkins,Jenkins Dynamic Extended Choice Parameter Plugin,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-06-23T17:15:00.000Z,0
CVE-2022-29038,https://securityvulnerability.io/vulnerability/CVE-2022-29038,Cross-Site Scripting Vulnerability in Jenkins Extended Choice Parameter Plugin,"The Jenkins Extended Choice Parameter Plugin fails to properly escape the name and description of Extended Choice parameters. This flaw can lead to a stored cross-site scripting (XSS) vulnerability. Attackers who have Item/Configure permissions can exploit this vulnerability by injecting malicious scripts, which are then executed in the context of other users who view the parameters on affected Jenkins instances.",Jenkins,Jenkins Extended Choice Parameter Plugin,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-04-12T19:50:31.000Z,0
CVE-2022-27205,https://securityvulnerability.io/vulnerability/CVE-2022-27205,Jenkins Extended Choice Parameter Plugin Allows Unauthorized URL Connections,The Jenkins Extended Choice Parameter Plugin contains a vulnerability due to a missing permission check. This flaw permits attackers with Overall/Read permission to establish connections to maliciously specified URLs. This can potentially expose sensitive information or lead to further exploitation within the Jenkins environment. It's crucial for users of the affected versions to review their plugin configurations and apply necessary security measures to mitigate risks associated with this vulnerability.,Jenkins,Jenkins Extended Choice Parameter Plugin,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-03-15T16:45:52.000Z,0
CVE-2022-27204,https://securityvulnerability.io/vulnerability/CVE-2022-27204,Cross-Site Request Forgery in Jenkins Extended Choice Parameter Plugin,"A cross-site request forgery (CSRF) vulnerability exists in the Jenkins Extended Choice Parameter Plugin versions 346.vd87693c5a_86c and earlier. This flaw enables attackers to send unauthorized requests to an attacker-specified URL, potentially jeopardizing the security of the affected Jenkins instance. The vulnerability allows for manipulation of user interactions in a way that could lead to data exposure or unauthorized actions, emphasizing the need for timely updates and security measures.",Jenkins,Jenkins Extended Choice Parameter Plugin,8.8,HIGH,0.0008800000068731606,false,,false,false,false,,,false,false,,2022-03-15T16:45:50.000Z,0
CVE-2022-27203,https://securityvulnerability.io/vulnerability/CVE-2022-27203,Unauthorized Access to JSON and Java Properties Files in Jenkins Extended Choice Parameter Plugin,The Jenkins Extended Choice Parameter Plugin allows users with Item/Configure permission to gain unauthorized access to the values stored in arbitrary JSON and Java properties files on the Jenkins controller. This vulnerability can expose sensitive configuration data and potentially lead to further exploitation or compromise of the Jenkins environment. Users are advised to update to the latest version of the plugin to mitigate risks associated with this issue.,Jenkins,Jenkins Extended Choice Parameter Plugin,6.5,MEDIUM,0.0010100000072270632,false,,false,false,false,,,false,false,,2022-03-15T16:45:49.000Z,0
CVE-2022-27202,https://securityvulnerability.io/vulnerability/CVE-2022-27202,Stored Cross-Site Scripting Vulnerability in Jenkins Extended Choice Parameter Plugin,"The Extended Choice Parameter Plugin for Jenkins contains a stored cross-site scripting vulnerability that can be exploited by users with Item/Configure permissions. Specifically, the plugin fails to correctly escape the values and descriptions for radio button and checkbox types. As a result, malicious actors can inject arbitrary JavaScript into the application's stored data, potentially leading to unauthorized access and the execution of scripts in the context of other users who interact with affected parameters.",Jenkins,Jenkins Extended Choice Parameter Plugin,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-03-15T16:45:48.000Z,0
CVE-2020-2124,https://securityvulnerability.io/vulnerability/CVE-2020-2124,,"Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.",Jenkins,Jenkins Dynamic Extended Choice Parameter Plugin,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2020-02-12T14:35:46.000Z,0