117 matches found

Positive Technologies
added 2023/08/16 12:0 a.m. · 4 views

PT-2023-27397 · Jenkins · Jenkins Config File Provider Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Config File Provider Plugin versions 952.va_544a_6234b_46 and earlier. Description: The issue concerns the Jenkins Config File Provider Plugin, where credentials specified in configuration files are not masked when written to the build...

CVSS 7.5 · AI score 6.6 · EPSS 0.00651
Exploits 0 · References 10
CNNVD
added 2023/08/16 12:0 a.m. · 3 views

Jenkins Plugin Config File Provider Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application: an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 7.5 · AI score 6.8 · EPSS 0.00651
Exploits 0 · References 5
SUSE CVE
added 2023/02/15 4:35 a.m. · 4 views

SUSE CVE-2017-1000104

The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. Users with only Overall/Read access to Jenkins were able to access URLs directly that allowed viewing these files. Access to view these files now requires sufficient...

CVSS 6.5 · AI score 6.5 · EPSS 0.00818
Exploits 0 · References 3
Check Point Advisories
added 2022/11/20 12:0 a.m. · 3 views

Jenkins Config File Provider Plugin External Entity Injection (CVE-2021-21642)

An XXE vulnerability exists in Jenkins Config File Provider Plugin. The vulnerability is due to insufficient validation of XML data when utilizing Config File Provider Plugin...

CVSS 5.5 · AI score 3.2 · EPSS 0.3783
Exploits 0
Tenable Nessus
added 2022/09/15 12:0 a.m. · 50 views

RHEL 7 / 8 : OpenShift Container Platform 4.7.13 (RHSA-2021:2122)

The remote Red Hat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2122 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

CVSS 8.1 · AI score 6.6 · EPSS 0.3783
Exploits 0 · References 15
Github Security Blog
added 2022/05/24 5:48 p.m. · 38 views

Missing permission checks in Jenkins Config File Provider Plugin allow enumerating configuration file IDs

Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate configuration file IDs. An enumeration of configuration file IDs in Jenkins Config File Provider Plugin 3.7.1 require...

CVSS 4.3 · AI score 5.2 · EPSS 0.00887
Exploits 0 · References 5 · Affected Software 1
Github Security Blog
added 2022/05/24 5:48 p.m. · 31 views

Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs

Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints. This allows attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins. Those can be used as part of an...

CVSS 6.5 · AI score 6.5 · EPSS 0.01082
Exploits 0 · References 5 · Affected Software 1
Github Security Blog
added 2022/05/24 5:48 p.m. · 24 views

XML External Entity Reference vulnerability in Jenkins Config File Provider Plugin

Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers with the ability to define Maven configuration files to have Jenkins parse a crafted configuration file that uses external entities for...

CVSS 8.1 · AI score 7.7 · EPSS 0.3783
Exploits 0 · References 5 · Affected Software 1
OSV
added 2022/05/24 5:48 p.m. · 2 views

GHSA-3M3F-2323-64M7 Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs

Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints. This allows attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins. Those can be used as part of an...

CVSS 6.5 · AI score 5.8 · EPSS 0.01082
Exploits 0 · References 5
OSV
added 2022/05/24 5:48 p.m. · 1 view

GHSA-Q7XG-HH3Q-HC68 XML External Entity Reference vulnerability in Jenkins Config File Provider Plugin

Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers with the ability to define Maven configuration files to have Jenkins parse a crafted configuration file that uses external entities for...

CVSS 8.1 · AI score 7.2 · EPSS 0.3783
Exploits 0 · References 5
OSV
added 2022/05/24 5:48 p.m. · 0 views

GHSA-2959-FJ73-HM8P Missing permission checks in Jenkins Config File Provider Plugin allow enumerating configuration file IDs

Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate configuration file IDs. An enumeration of configuration file IDs in Jenkins Config File Provider Plugin 3.7.1 require...

CVSS 4.3 · AI score 6.3 · EPSS 0.00887
Exploits 0 · References 5
Github Security Blog
added 2022/05/24 5:48 p.m. · 32 views

CSRF vulnerability in Jenkins Config File Provider Plugin allows deleting configuration files

Jenkins Config File Provider Plugin 3.7.0 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to delete configuration files corresponding to an attacker-specified ID. This is due to an...

CVSS 5.8 · AI score 5.8 · EPSS 0.01053
Exploits 0 · References 5 · Affected Software 1
OSV
added 2022/05/24 5:48 p.m. · 0 views

GHSA-998M-F2X3-JJQ4 CSRF vulnerability in Jenkins Config File Provider Plugin allows deleting configuration files

Jenkins Config File Provider Plugin 3.7.0 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to delete configuration files corresponding to an attacker-specified ID. This is due to an...

CVSS 5.4 · AI score 6.4 · EPSS 0.01053
Exploits 0 · References 5
Github Security Blog
added 2022/05/14 1:40 a.m. · 15 views

Stored XSS vulnerability in Config File Provider Plugin

A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in configfiles.jelly and providerlist.jelly that allows users with the ability to configure configuration files to insert arbitrary HTML into some pages in Jenkins...

CVSS 5.4 · AI score 6.1 · EPSS 0.00947
Exploits 0 · References 5 · Affected Software 1
OSV
added 2022/05/14 1:40 a.m. · 16 views

GHSA-VWFM-42Q6-QJ75 Stored XSS vulnerability in Config File Provider Plugin

A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in configfiles.jelly and providerlist.jelly that allows users with the ability to configure configuration files to insert arbitrary HTML into some pages in Jenkins...

CVSS 5.4 · AI score 5.1 · EPSS 0.00947
Exploits 0 · References 4
Github Security Blog
added 2022/05/14 1:39 a.m. · 17 views

CSRF vulnerability in Config File Provider Plugin

A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java and FolderConfigFileAction.java that allows creating and editing configuration file definitions...

CVSS 8.1 · AI score 6.9 · EPSS 0.00835
Exploits 0 · References 5 · Affected Software 1
OSV
added 2022/05/14 1:39 a.m. · 18 views

GHSA-R5M8-5MWX-CMJ8 CSRF vulnerability in Config File Provider Plugin

A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java and FolderConfigFileAction.java that allows creating and editing configuration file definitions...

CVSS 8.1 · AI score 8 · EPSS 0.00835
Exploits 0 · References 4
Github Security Blog
added 2022/05/13 1:40 a.m. · 14 views

Improper Privilege Management in Jenkins Config File Provider Plugin

The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. Users with only Overall/Read access to Jenkins were able to access URLs directly that allowed viewing these files. Access to view these files now requires sufficient...

CVSS 6.5 · AI score 6.6 · EPSS 0.00818
Exploits 0 · References 3 · Affected Software 1
OSV
added 2022/05/13 1:40 a.m. · 19 views

GHSA-6H72-M3XW-FP3C Improper Privilege Management in Jenkins Config File Provider Plugin

The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. Users with only Overall/Read access to Jenkins were able to access URLs directly that allowed viewing these files. Access to view these files now requires sufficient...

CVSS 6.5 · AI score 6.4 · EPSS 0.00818
Exploits 0 · References 2
Github Security Blog
added 2022/05/13 1:31 a.m. · 27 views

Jenkins Config File Provider Plugin XSS vulnerability

A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete t...

CVSS 4.8 · AI score 6.6 · EPSS 0.0088
Exploits 0 · References 6 · Affected Software 1