Stored Cross-site Scripting vulnerability in Jenkins Custom Checkbox Parameter Plugin
High severity
GitHub Reviewed
Published
Feb 16, 2022
to the GitHub Advisory Database
•
Updated Feb 3, 2023
Package
Affected versions
< 1.2
Patched versions
1.2
Description
Published by the National Vulnerability Database
Feb 15, 2022
Published to the GitHub Advisory Database
Feb 16, 2022
Reviewed
Dec 1, 2022
Last updated
Feb 3, 2023
Credits
-
NotMyFault Analyst
Jenkins Custom Checkbox Parameter Plugin 1.1 and earlier does not escape parameter names of custom checkbox parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
References