Jenkins Extensible Choice Parameter Plugin Cross-Site Request Forgery Vulnerability

Vulnerability

A cross-site request forgery (CSRF) vulnerability exists in Jenkins Extensible Choice Parameter Plugin versions up to and including 239.v5f5c278708cf. This vulnerability allows attackers to execute sandboxed Groovy code by exploiting the plugin's failure to require POST requests for a specific HTTP endpoint.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of sandboxed Groovy code on the Jenkins server.

Added: Oct 29, 2025, 2:34 PM
Updated: Oct 29, 2025, 2:34 PM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 0.6
exploitability: 6.0
remediation: 0.0
relevance: 0.8
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.