Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Config File Provider Security Vulnerabilities

cve
cve

CVE-2018-1000414

A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing configuration file...

8.1CVSS

8AI Score

0.001EPSS

2019-01-09 11:29 PM
19
cve
cve

CVE-2018-1000413

A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in configfiles.jelly, providerlist.jelly that allows users with the ability to configure configuration files to insert arbitrary HTML into some pages in...

5.4CVSS

6.3AI Score

0.001EPSS

2019-01-09 11:29 PM
28
cve
cve

CVE-2017-1000104

The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. Users with only Overall/Read access to Jenkins were able to access URLs directly that allowed viewing these files. Access to view these files now requires sufficient...

6.5CVSS

7.2AI Score

0.001EPSS

2017-10-05 01:29 AM
24