CVE-2022-34186: XSS
First published: Thu Jun 23 2022(Updated: )
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins Dynamic Extended Choice Parameter | <=1.0.1 | |
| <=1.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for Jenkins Dynamic Extended Choice Parameter Plugin?
The vulnerability ID for Jenkins Dynamic Extended Choice Parameter Plugin is CVE-2022-34186.
What is the severity level of CVE-2022-34186?
The severity level of CVE-2022-34186 is medium.
How does CVE-2022-34186 affect Jenkins Dynamic Extended Choice Parameter Plugin?
CVE-2022-34186 affects Jenkins Dynamic Extended Choice Parameter Plugin by allowing stored cross-site scripting (XSS) attacks.
Which versions of Jenkins Dynamic Extended Choice Parameter Plugin are affected by CVE-2022-34186?
Jenkins Dynamic Extended Choice Parameter Plugin version 1.0.1 and earlier are affected by CVE-2022-34186.
Is there a fix available for CVE-2022-34186?
Yes, a fix is available for CVE-2022-34186. It is recommended to update to a version of Jenkins Dynamic Extended Choice Parameter Plugin that is not affected by the vulnerability.
- collector/nvd-index
- collector/nvd-api
- vendor/jenkins
- canonical/jenkins dynamic extended choice parameter
- version/jenkins dynamic extended choice parameter/1.0.1