117 matches found
CVE-2021-21642
Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2021-21643
Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins...
CVE-2021-21642
Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2021-21643
Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins...
Jenkins Config File Provider Plugin 代码问题漏洞
Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. A code issue vulnerability exists in Jenkins Config File Provider Plugin version 3.7.0 and prior versions that stems from...
Jenkins Config File Provider Plugin 安全漏洞
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Config File Provider Plugin is used in one of...
Jenkins Config File Provider Plugin 跨站请求伪造漏洞
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Config File Provider Plugin is used in one of...
Red Hat OpenShift Container Platform 安全漏洞
CloudBees Jenkins formerly known as Hudson Labs is the United States CloudBees set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software release/testing projects and some of the timed execution of the task.Config File Provider Plugin is...
PT-2021-14686 · Jenkins · Jenkins Config File Provider Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Config File Provider Plugin versions 3.7.0 and earlier Description: The issue concerns incorrect permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentia...
PT-2021-14688 · Jenkins · Jenkins Config File Provider Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Config File Provider Plugin versions 3.7.0 and earlier Description: The issue concerns a lack of permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate configuration file IDs. This ca...
PT-2021-14687 · Jenkins · Jenkins Config File Provider Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Config File Provider Plugin versions 3.7.0 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to delete configuration files corresponding to an attacker-specified ID. This issue arises because th...
PT-2021-14685 · Jenkins · Jenkins Config File Provider Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Config File Provider Plugin versions 3.7.0 and earlier Description: The issue allows attackers with the ability to define Maven configuration files to have Jenkins parse a crafted configuration file that uses external entities for...
CVE-2019-1003014
An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete t...
Cross site scripting
An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete t...
CVE-2019-1003014
An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete t...
CVE-2019-1003014
An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete t...
CVE-2019-1003014
CVE-2019-1003014 covers a cross-site scripting vulnerability in Jenkins Config File Provider Plugin (versions 3.4.1 and earlier). The issue resides in src/main/resources/lib/configfiles/configfiles.jelly, enabling attackers who have permission to define shared configuration files to execute arbit...
CVE-2019-1003014
An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete t...
CVE-2019-1003014
An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete t...
PT-2019-11312 · Jenkins · Jenkins Config File Provider Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Config File Provider Plugin versions 3.4.1 and earlier Description: A cross-site scripting issue exists that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to...