Description
Jenkins Custom Checkbox Parameter Plugin 1.4 and earlier does not escape the name and description of Custom Checkbox Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Remediation
References
http://www.openwall.com/lists/oss-security/2022/10/19/3
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2797
Related Vulnerabilities
CVE-2022-24846 Vulnerability in maven package org.geowebcache:gwc-diskquota-jdbc
CVE-2023-31066 Vulnerability in maven package org.apache.inlong:manager-service
CVE-2016-6497 Vulnerability in maven package org.xbib.groovy:groovy-ldap
CVE-2022-23640 Vulnerability in maven package com.monitorjbl:xlsx-streamer
CVE-2023-50766 Vulnerability in maven package org.sonatype.nexus.ci:nexus-jenkins-plugin