-
Bug
-
Resolution: Unresolved
-
Major
The current version of this plugin contains multiple vulnerabilities:
- CSRF vulnerability and missing permission checks allow SSRF
- Arbitrary JSON and property file read vulnerability
- Stored XSS vulnerability
This is displayed on the plugin page as well as warning within the Jenkins UI itself.
- relates to
-
JENKINS-26683 Get rid of dependency on Extended Choice Parameter plugin
-
- Open
-
[JENKINS-68096] Current version of Extended Choice Parameter has multiple vulnerabilities
Jesse Jarzynka
created issue -
Jesse Jarzynka
made changes -
| Priority | Original: Minor [ 4 ] | New: Major [ 3 ] |
Kalle Niemitalo
made changes -
| Link | New: This issue relates to JENKINS-26683 [ JENKINS-26683 ] |
Donal Hunt
made changes -
| Labels | New: Security security |
Charles
made changes -
| Assignee | Original: vimil [ vimil ] | New: Charles [ chas ] |
