117 matches found

CNVD
added 2019/01/11 12:0 a.m. · 1 views

CloudBees Jenkins Config File Provider Plugin Cross-Site Scripting Vulnerability

CloudBees Jenkins (formerly known as Hudson Labs) is a Java-based continuous integration tool from the US company CloudBees. It is mainly used to monitor continuous software release/testing projects and to run scheduled tasks. Config File Provider Plugin is...

5.4 CVSS · 6.3 AI score · 0.00947 EPSS
Exploits 0 · References 1
CNVD
added 2019/01/11 12:0 a.m. · 2 views

CloudBees Jenkins Config File Provider Plugin Cross-Site Request Forgery Vulnerability

CloudBees Jenkins (formerly known as Hudson Labs) is a Java-based continuous integration tool from the US company CloudBees. It is mainly used to monitor continuous software release/testing projects and to run scheduled tasks. Config File Provider Plugin is...

8.1 CVSS · 7 AI score · 0.00835 EPSS
Exploits 0 · References 1
OSV
added 2019/01/09 11:29 p.m. · 19 views

CVE-2018-1000414

A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing configuration file definitions...

8.1 CVSS · 6.6 AI score
Exploits 0 · References 2
NVD
added 2019/01/09 11:29 p.m. · 16 views

CVE-2018-1000414

A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing configuration file definitions...

8.1 CVSS · 8.1 AI score · 0.00835 EPSS
Exploits 0 · References 2
Prion
added 2019/01/09 11:29 p.m. · 14 views

Cross site scripting

A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in configfiles.jelly, providerlist.jelly that allows users with the ability to configure configuration files to insert arbitrary HTML into some pages in Jenkins...

3.5 CVSS · 5.2 AI score · 0.00947 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2019/01/09 11:0 p.m. · 23 views

CVE-2018-1000414

A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing configuration file definitions...

8.1 AI score · 0.00835 EPSS
Exploits 0 · References 2
CVE
added 2019/01/09 11:0 p.m. · 57 views

CVE-2018-1000413

The vulnerability CVE-2018-1000413 affects Jenkins Config File Provider Plugin (versions ≤ 3.1). The issue is a cross-site scripting flaw in the configfiles.jelly and providerlist.jelly components that allows users who can configure configuration files to inject arbitrary HTML into Jenkins pages....

5.4 CVSS · 5.1 AI score · 0.00947 EPSS
Exploits 0 · References 2 · Affected Software 1
CVE
added 2019/01/09 11:0 p.m. · 52 views

CVE-2018-1000414

CVE-2018-1000414 describes a cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.1 and earlier, located in ConfigFilesManagement.java and FolderConfigFileAction.java, that allows a remote attacker to create and edit configuration file definitions. The issue af...

8.1 CVSS · 8 AI score · 0.00835 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2019/01/09 11:0 p.m. · 20 views

CVE-2018-1000413

A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in configfiles.jelly, providerlist.jelly that allows users with the ability to configure configuration files to insert arbitrary HTML into some pages in Jenkins...

5.2 AI score · 0.00947 EPSS
Exploits 0 · References 2
AlpineLinux
added 2019/01/09 11:0 p.m. · 25 views

CVE-2018-1000414

A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing configuration file definitions...

8.1 CVSS · 2.6 AI score · 0.00835 EPSS
Exploits 0 · References 2
Positive Technologies
added 2019/01/09 12:0 a.m. · 4 views

PT-2019-8724 · Jenkins · Jenkins Config File Provider Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Config File Provider Plugin versions 3.1 and earlier
Description: A cross-site scripting issue exists in the configfiles.jelly and providerlist.jelly files, allowing users who can configure configuration files to insert arbitrary HTML...

5.4 CVSS · 5.2 AI score · 0.00947 EPSS
Exploits 0 · References 7
OSV
added 2017/10/05 1:29 a.m. · 17 views

CVE-2017-1000104

The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. Users with only Overall/Read access to Jenkins were able to access URLs directly that allowed viewing these files. Access to view these files now requires sufficient...

6.5 CVSS · 6.8 AI score
Exploits 0 · References 1
NVD
added 2017/10/05 1:29 a.m. · 19 views

CVE-2017-1000104

The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. Users with only Overall/Read access to Jenkins were able to access URLs directly that allowed viewing these files. Access to view these files now requires sufficient...

6.5 CVSS · 6.4 AI score · 0.00818 EPSS
Exploits 0 · References 1
Prion
added 2017/10/05 1:29 a.m. · 15 views

Design/Logic Flaw

The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. Users with only Overall/Read access to Jenkins were able to access URLs directly that allowed viewing these files. Access to view these files now requires sufficient...

4 CVSS · 6.4 AI score · 0.00818 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2017/10/04 1:0 a.m. · 22 views

CVE-2017-1000104

The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. Users with only Overall/Read access to Jenkins were able to access URLs directly that allowed viewing these files. Access to view these files now requires sufficient...

6.4 AI score · 0.00818 EPSS
Exploits 0 · References 1
CVE
added 2017/10/04 1:0 a.m. · 52 views

CVE-2017-1000104

CVE-2017-1000104 concerns the Jenkins Config File Provider Plugin, which manages configuration files that may include secrets. The issue arises from insufficient access control: users with only Overall/Read access could view URLs to configuration files, until permissions were tightened to require...

6.5 CVSS · 6.3 AI score · 0.00818 EPSS
Exploits 0 · References 1 · Affected Software 1
CNVD
added 2017/08/17 12:0 a.m. · 3 views

CloudBees Jenkins Config File Provider Information Disclosure Vulnerability

CloudBees Jenkins (formerly known as Hudson Labs) is a Java-based continuous integration tool from the US company CloudBees. It is mainly used to monitor continuous software release/testing projects and a number of scheduled tasks. Config File Provider i...

6.5 CVSS · 6.1 AI score · 0.00818 EPSS
Exploits 0 · References 1