GHSA-QM37-C4W6-H9V9 Missing Authorization in Jenkins XPath Configuration Viewer Plugin

XPath Configuration Viewer Plugin 1.1.1 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to access the XPath Configuration Viewer page. Given appropriate XPath expressions, this page grants access to job configuration XML data...

GHSA-3Q7F-W8FR-368V Cross-Site Request Forgery in Jenkins XPath Configuration Viewer Plugin

A cross-site request forgery CSRF vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions...

Cross-Site Request Forgery in Jenkins XPath Configuration Viewer Plugin

A cross-site request forgery CSRF vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions...

CVE-2022-34812

A cross-site request forgery CSRF vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions...

CVE-2022-34812

A cross-site request forgery CSRF vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions...

CVE-2022-34813

A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions...

Design/Logic Flaw

A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions...

CVE-2022-34813

A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions...

CVE-2022-34813

CVE-2022-34813 affects Jenkins XPath Configuration Viewer Plugin versions 1.1.1 and earlier. The root cause is a missing permission check in several HTTP endpoints, allowing users with Overall/Read permission to create and delete XPath expressions. Some advisories also note CSRF risk due to endpo...

CVE-2022-34812

A cross-site request forgery CSRF vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions...

CVE-2022-34812

CVE-2022-34812 is a cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin versions 1.1.1 and earlier. The issue allows attackers with the user’s or an attacker’s access to perform create and delete XPath expressions, as stated in the CVE description and mult...

CVE-2022-34811

CVE-2022-34811: Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier has a missing permission check that allows users with Overall/Read to access the XPath Configuration Viewer page. The issue, described in multiple sources (NVD, CVE lists, OSS advisories), can expose the XPath configurati...