Lucene search
K

31 matches found

CVE
CVE
added 2021/04/21 2:20 p.m.187 views

CVE-2021-21643

CVE-2021-21643 affects Jenkins Config File Provider Plugin (version 3.7.0 and earlier). The vulnerability arises because the plugin does not correctly perform permission checks on several HTTP endpoints, allowing attackers who have global Job/Configure permission to enumerate system-scoped creden...

6.5CVSS6.4AI score0.01082EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/04/21 2:20 p.m.189 views

CVE-2021-21642

CVE-2021-21642 affects Jenkins Config File Provider Plugin versions 3.7.0 and earlier. The root cause is that the plugin’s XML parser is not configured to prevent XML External Entity (XXE) attacks. The advisory notes that XXE can enable an attacker to exfiltrate secrets via crafted configuration ...

8.1CVSS7.8AI score0.3783EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2021/04/21 12:0 a.m.5 views

Red Hat OpenShift Container Platform 安全漏洞

CloudBees Jenkins formerly known as Hudson Labs is the United States CloudBees set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software release/testing projects and some of the timed execution of the task.Config File Provider Plugin is...

6.5CVSS5.8AI score0.01082EPSS
Exploits0References16
RedhatCVE
RedhatCVE
added 2019/02/07 11:49 a.m.25 views

CVE-2019-1003014

An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete t...

4.8CVSS5.1AI score0.0088EPSS
Exploits0References4
OSV
OSV
added 2019/02/06 4:29 p.m.24 views

CVE-2019-1003014

An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete t...

4.8CVSS6.2AI score
Exploits0References3
AlpineLinux
AlpineLinux
added 2019/02/06 4:0 p.m.20 views

CVE-2019-1003014

An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete t...

4.8CVSS5.1AI score0.0088EPSS
Exploits0References3
Cvelist
Cvelist
added 2019/02/06 4:0 p.m.20 views

CVE-2019-1003014

An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete t...

5AI score0.0088EPSS
Exploits0References3
Cvelist
Cvelist
added 2019/01/09 11:0 p.m.24 views

CVE-2018-1000414

A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing configuration file definitions...

8.1AI score0.00835EPSS
Exploits0References2
CVE
CVE
added 2019/01/09 11:0 p.m.59 views

CVE-2018-1000413

The vulnerability CVE-2018-1000413 affects Jenkins Config File Provider Plugin (versions ≤ 3.1). The issue is a cross-site scripting flaw in the configfiles.jelly and providerlist.jelly components that allows users who can configure configuration files to inject arbitrary HTML into Jenkins pages....

5.4CVSS5.1AI score0.00947EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/01/09 11:0 p.m.60 views

CVE-2018-1000414

CVE-2018-1000414 describes a cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.1 and earlier, located in ConfigFilesManagement.java and FolderConfigFileAction.java, that allows a remote attacker to create and edit configuration file definitions. The issue af...

8.1CVSS8AI score0.00835EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2017/10/04 1:0 a.m.55 views

CVE-2017-1000104

CVE-2017-1000104 concerns the Jenkins Config File Provider Plugin, which manages configuration files that may include secrets. The issue arises from insufficient access control: users with only Overall/Read access could view URLs to configuration files, until permissions were tightened to require...

6.5CVSS6.3AI score0.00818EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder