[JENKINS-68096] Current version of Extended Choice Parameter has multiple vulnerabilities

Type: Bug
Resolution: Unresolved
Priority: Major
Component/s: extended-choice-parameter-plugin
Labels:
- Security
- security

Similar Issues:
Powered by SuggestiMate

Show

The current version of this plugin contains multiple vulnerabilities:

This is displayed on the plugin page as well as warning within the Jenkins UI itself.

relates to

JENKINS-26683 Get rid of dependency on Extended Choice Parameter plugin

Open

Jesse Jarzynka created issue - 2022-03-22 13:49

Jesse Jarzynka made changes - 2022-03-22 13:50

Priority

Original: Minor [ 4 ]

New: Major [ 3 ]

Kalle Niemitalo made changes - 2022-03-22 15:02

Link

New: This issue relates to JENKINS-26683 [ JENKINS-26683 ]

Alan Sparks added a comment - 2022-04-21 21:50

Is a resolution going to happen for this bug anytime soon?

Alan Sparks added a comment - 2022-04-21 21:50 Is a resolution going to happen for this bug anytime soon?

iyad omry added a comment - 2022-04-29 17:48

This is a very important plugin for us, whet it will be fixed?

iyad omry added a comment - 2022-04-29 17:48 This is a very important plugin for us, whet it will be fixed?

Steven Visagie added a comment - 2022-05-10 06:57

Is there an ETA for vulnerability remediation? We use this plugin extensively and would try find a way to remove it (e.g. replace with other parameter types) but some other critical plugins we use (e.g. Custom Tools) depend on it as well.

Steven Visagie added a comment - 2022-05-10 06:57 Is there an ETA for vulnerability remediation? We use this plugin extensively and would try find a way to remove it (e.g. replace with other parameter types) but some other critical plugins we use (e.g. Custom Tools) depend on it as well.

Donal Hunt made changes - 2022-07-06 16:34

Labels

New: Security security

Gabe Ortiz added a comment - 2022-11-25 23:13

4 vulnerabilities now.

Gabe Ortiz added a comment - 2022-11-25 23:13 4 vulnerabilities now. CSRF vulnerability and missing permission checks allow SSRF Arbitrary JSON and property file read vulnerability Stored XSS vulnerability Stored XSS vulnerability

Alexander Brandes added a comment - 2022-11-25 23:46

chas Did already address a few security vulnerabilities. To silence the warnings in the update center, the maintainer needs to file a pull request to the update center updating the version range the security vulnerability used to affect.

Alexander Brandes added a comment - 2022-11-25 23:46 chas Did already address a few security vulnerabilities. To silence the warnings in the update center, the maintainer needs to file a pull request to the update center updating the version range the security vulnerability used to affect.

Charles made changes - 2022-11-28 04:08

Assignee

Original: vimil [ vimil ]

New: Charles [ chas ]

Assignee:: Charles

Reporter:: Jesse Jarzynka

Votes:: 11 Vote for this issue

Watchers:: 21 Start watching this issue

Created:: 2022-03-22 13:49

Updated:: 2022-11-28 04:20

Jenkins

Details

Description

Attachments

Issue Links

Activity

Collapse comment: Alan Sparks added a comment - 2022-04-21 21:50

Expand comment: Alan Sparks added a comment - 2022-04-21 21:50

Collapse comment: iyad omry added a comment - 2022-04-29 17:48

Expand comment: iyad omry added a comment - 2022-04-29 17:48

Collapse comment: Steven Visagie added a comment - 2022-05-10 06:57

Expand comment: Steven Visagie added a comment - 2022-05-10 06:57

Collapse comment: Gabe Ortiz added a comment - 2022-11-25 23:13

Expand comment: Gabe Ortiz added a comment - 2022-11-25 23:13

Collapse comment: Alexander Brandes added a comment - 2022-11-25 23:46

Expand comment: Alexander Brandes added a comment - 2022-11-25 23:46

People

Dates