-
Type:
Bug
-
Resolution: Won't Fix
-
Priority:
Major
-
Component/s: extended-choice-parameter-plugin
The current version of this plugin contains multiple vulnerabilities:
- CSRF vulnerability and missing permission checks allow SSRF
- Arbitrary JSON and property file read vulnerability
- Stored XSS vulnerability
This is displayed on the plugin page as well as warning within the Jenkins UI itself.
- relates to
-
JENKINS-26683 Get rid of dependency on Extended Choice Parameter plugin
-
- Open
-
