39 matches found
CVE-2021-21644
A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID...
CVE-2021-21642
Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID...
CVE-2021-21645
CVE-2021-21645 affects Jenkins with the Config File Provider Plugin 3.7.0 and earlier. The root cause is missing permission checks in several HTTP endpoints, enabling attackers with Overall/Read permission to enumerate configuration file IDs. This aligns with related advisories (GHSA-2959-FJ73-HM...
CVE-2021-21644
Summary: CVE-2021-21644 affects Jenkins Config File Provider Plugin 3.7.0 and earlier. The vulnerability arises from an HTTP endpoint that does not require POST requests, enabling a CSRF attack to delete configuration files by attacker-specified IDs. The issue is addressed by upgrading to 3.7.1, ...
CVE-2021-21642
CVE-2021-21642 affects Jenkins Config File Provider Plugin versions 3.7.0 and earlier. The root cause is that the plugin’s XML parser is not configured to prevent XML External Entity (XXE) attacks. The advisory notes that XXE can enable an attacker to exfiltrate secrets via crafted configuration ...
CVE-2021-21643
CVE-2021-21643 affects Jenkins Config File Provider Plugin (version 3.7.0 and earlier). The vulnerability arises because the plugin does not correctly perform permission checks on several HTTP endpoints, allowing attackers who have global Job/Configure permission to enumerate system-scoped creden...
Red Hat OpenShift Container Platform security vulnerability
CloudBees Jenkins (formerly known as Hudson Labs) is a set of Java-based continuous integration tools developed by the United States company CloudBees. It is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Config File Provider Plugin is...
CVE-2019-1003014
A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete t...
CVE-2018-1000414
A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing configuration file definitions...
CVE-2018-1000414
CVE-2018-1000414 describes a cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.1 and earlier, located in ConfigFilesManagement.java and FolderConfigFileAction.java, that allows a remote attacker to create and edit configuration file definitions. The issue af...
CVE-2018-1000413
The vulnerability CVE-2018-1000413 affects Jenkins Config File Provider Plugin (versions ≤ 3.1). The issue is a cross-site scripting flaw in the configfiles.jelly and providerlist.jelly components that allows users who can configure configuration files to inject arbitrary HTML into Jenkins pages....
CVE-2017-1000104
CVE-2017-1000104 concerns the Jenkins Config File Provider Plugin, which manages configuration files that may include secrets. The issue arises from insufficient access control: users with only Overall/Read access could view URLs to configuration files, until permissions were tightened to require...