Jenkins Storable Configs Plugin Security Vulnerabilities

CVE-2022-30971

Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE)...

8.8 CVSS

8.7 AI Score

0.001 EPSS

2022-05-17 03:15 PM

CVE-2022-30972

A cross-site request forgery (CSRF) vulnerability in Jenkins Storable Configs Plugin 1.0 and earlier allows attackers to have Jenkins parse a local XML file (e.g., archived artifacts) that uses external entities for extraction of secrets from the Jenkins controller or server-side request...

8.8 CVSS

8.6 AI Score

0.001 EPSS

2022-05-17 03:15 PM

CVE-2020-2277

Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins...

6.5 CVSS

6.3 AI Score

0.001 EPSS

2020-09-16 02:15 PM

CVE-2020-2278

Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's...

6.5 CVSS

6.3 AI Score

0.001 EPSS

2020-09-16 02:15 PM