CVE-2020-2289 – org.biouno:uno-choice
Package
Manager: maven
Name: org.biouno:uno-choice
Vulnerable Version: >=0 <2.5
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00205 (percentile: 0.42811)
Details
Stored XSS vulnerability in Jenkins Active Choices Plugin

Jenkins Active Choices Plugin 2.4 and earlier does not escape the name and description of build parameters. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. Active Choices Plugin 2.5 escapes the name of build parameters and applies the configured markup formatter to the description of build parameters.
Metadata
Created: 2022-05-24T17:30:18Z
Modified: 2023-10-27T11:36:50Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9jv5-wf44-8vfm/GHSA-9jv5-wf44-8vfm.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-9jv5-wf44-8vfm
Finding: F425
Auto approve: 1