CVE-2022-36902: 
Java vulnerability analysis and mitigation

CVE-2022-36902 is a stored cross-site scripting (XSS) vulnerability affecting the Jenkins Dynamic Extended Choice Parameter Plugin versions 1.0.1 and earlier. The vulnerability was disclosed on July 27, 2022, as part of a larger Jenkins security advisory. The affected component is the Dynamic Extended Choice Parameter Plugin, which is used in Jenkins for parameter handling (Jenkins Advisory, OSS Security).

The vulnerability stems from the plugin's failure to properly escape several fields of Moded Extended Choice parameters. This security flaw has been assigned a High severity rating according to CVSS scoring. The vulnerability specifically affects the parameter handling functionality within the plugin, allowing for stored XSS attacks when specific fields are not properly sanitized (Jenkins Advisory).

The vulnerability allows attackers with Item/Configure permission to execute stored cross-site scripting (XSS) attacks against the Jenkins instance. This could potentially lead to unauthorized access, data theft, or manipulation of Jenkins configurations (Jenkins Advisory).

As of the advisory's publication date, no official fix was available for this vulnerability. Users of the Dynamic Extended Choice Parameter Plugin should monitor for updates and consider implementing additional access controls to limit Item/Configure permissions (Jenkins Advisory).

The vulnerability was discovered and reported by Kevin Guerroudj from CloudBees, Inc., highlighting the ongoing security research efforts within the Jenkins ecosystem (Jenkins Advisory).