
Current version of Extended Choice Parameter has multiple vulnerabilities

      The current version of this plugin contains multiple vulnerabilities:

      This is displayed on the plugin page as well as a warning within the Jenkins UI itself.

          [JENKINS-68096] Current version of Extended Choice Parameter has multiple vulnerabilities

          Alan Sparks added a comment -

          Is a resolution going to happen for this bug anytime soon?


          iyad omry added a comment -

          This is a very important plugin for us, when will it be fixed?

          Steven Visagie added a comment -

          Is there an ETA for vulnerability remediation? We use this plugin extensively and would try to find a way to remove it (e.g. replace with other parameter types) but some other critical plugins we use (e.g. Custom Tools) depend on it as well.

          Gabe Ortiz added a comment -

          4 vulnerabilities now.

            - CSRF vulnerability and missing permission checks allow SSRF
            - Arbitrary JSON and property file read vulnerability
            - Stored XSS vulnerability
            - Stored XSS vulnerability

          Alexander Brandes added a comment -

          chas did already address a few security vulnerabilities. To silence the warnings in the update center, the maintainer needs to file a pull request to the update center updating the version range the security vulnerability used to affect.

          Charles added a comment -

          Remediate CVE-2022-27204

          Fix CVE-2022-27204 / SECURITY-1350

          Charles added a comment -

          Anyone wishing for security remediations is welcome to contribute.

            chas Charles
            jessejoe Jesse Jarzynka
            Votes: 11
            Watchers: 21
