Lucene search
+L

46 matches found

Github Security Blog
Github Security Blog
added 2022/05/24 5:48 p.m.26 views

XML External Entity Reference vulnerability in Jenkins Config File Provider Plugin

Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers with the ability to define Maven configuration files to have Jenkins parse a crafted configuration file that uses external entities for...

8.1CVSS7.7AI score0.3783EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/24 5:48 p.m.10 views

GHSA-2959-FJ73-HM8P Missing permission checks in Jenkins Config File Provider Plugin allow enumerating configuration file IDs

Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate configuration file IDs. An enumeration of configuration file IDs in Jenkins Config File Provider Plugin 3.7.1 require...

4.3CVSS6.3AI score0.00887EPSS
Exploits0References5
CNVD
CNVD
added 2021/04/23 12:0 a.m.10 views

CloudBees Jenkins Config File Provider Plugin Privilege Checking Vulnerability (CNVD-2021-31659)

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Config File Provider Plugin is used in one of...

4.3CVSS6.3AI score0.00887EPSS
Exploits0References1
CNVD
CNVD
added 2021/04/23 12:0 a.m.8 views

CloudBees Jenkins Config File Provider Plugin Privilege Check Vulnerability

CloudBees Jenkins formerly known as Hudson Labs is the United States CloudBees set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software release/testing projects and some of the timed execution of the task.Config File Provider Plugin is...

6.5CVSS6.2AI score0.01082EPSS
Exploits0References1
CNVD
CNVD
added 2021/04/23 12:0 a.m.7 views

CloudBees Jenkins Config File Provider Plugin Cross-Site Request Forgery Vulnerability (CNVD-2021-31660)

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Config File Provider Plugin is used in one of...

5.8CVSS6.4AI score0.01053EPSS
Exploits0References1
NVD
NVD
added 2021/04/21 3:15 p.m.23 views

CVE-2021-21645

Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints, attackers with Overall/Read permission to enumerate configuration file IDs...

4.3CVSS0.00887EPSS
Exploits0References2
NVD
NVD
added 2021/04/21 3:15 p.m.22 views

CVE-2021-21644

A cross-site request forgery CSRF vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID...

5.8CVSS0.01053EPSS
Exploits0References2
OSV
OSV
added 2021/04/21 3:15 p.m.34 views

CVE-2021-21644

A cross-site request forgery CSRF vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID...

5.4CVSS6.5AI score
Exploits0References2
OSV
OSV
added 2021/04/21 3:15 p.m.22 views

CVE-2021-21642

Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

8.1CVSS6.5AI score
Exploits0References2
Prion
Prion
added 2021/04/21 3:15 p.m.26 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID...

5.8CVSS6AI score0.01053EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/04/21 2:20 p.m.180 views

CVE-2021-21645

CVE-2021-21645 affects Jenkins with the Config File Provider Plugin 3.7.0 and earlier. The root cause is missing permission checks in several HTTP endpoints, enabling attackers with Overall/Read permission to enumerate configuration file IDs. This aligns with related advisories (GHSA-2959-FJ73-HM...

4.3CVSS4.6AI score0.00887EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/04/21 2:20 p.m.180 views

CVE-2021-21644

Summary: CVE-2021-21644 affects Jenkins Config File Provider Plugin 3.7.0 and earlier. The vulnerability arises from an HTTP endpoint that does not require POST requests, enabling a CSRF attack to delete configuration files by attacker-specified IDs. The issue is addressed by upgrading to 3.7.1, ...

5.8CVSS5.6AI score0.01053EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/04/21 2:20 p.m.24 views

CVE-2021-21644

A cross-site request forgery CSRF vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID...

6.4AI score0.01053EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2021/04/21 2:20 p.m.32 views

CVE-2021-21644

A cross-site request forgery CSRF vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID...

5.8CVSS4.9AI score0.01053EPSS
Exploits0References2
CVE
CVE
added 2021/04/21 2:20 p.m.189 views

CVE-2021-21642

CVE-2021-21642 affects Jenkins Config File Provider Plugin versions 3.7.0 and earlier. The root cause is that the plugin’s XML parser is not configured to prevent XML External Entity (XXE) attacks. The advisory notes that XXE can enable an attacker to exfiltrate secrets via crafted configuration ...

8.1CVSS7.8AI score0.3783EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/04/21 2:20 p.m.187 views

CVE-2021-21643

CVE-2021-21643 affects Jenkins Config File Provider Plugin (version 3.7.0 and earlier). The vulnerability arises because the plugin does not correctly perform permission checks on several HTTP endpoints, allowing attackers who have global Job/Configure permission to enumerate system-scoped creden...

6.5CVSS6.4AI score0.01082EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2021/04/21 12:0 a.m.5 views

Red Hat OpenShift Container Platform 安全漏洞

CloudBees Jenkins formerly known as Hudson Labs is the United States CloudBees set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software release/testing projects and some of the timed execution of the task.Config File Provider Plugin is...

6.5CVSS5.8AI score0.01082EPSS
Exploits0References16
RedHat Linux
RedHat Linux
added 2019/02/20 2:11 p.m.4 views

jenkins-plugin-config-file-provider: Stored XSS vulnerability in Config File Provider Plugin (SECURITY-1253)

An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete t...

4.8CVSS6.7AI score0.0088EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2019/02/07 11:49 a.m.27 views

CVE-2019-1003014

An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete t...

4.8CVSS5.1AI score0.0088EPSS
Exploits0References4
OSV
OSV
added 2019/02/06 4:29 p.m.25 views

CVE-2019-1003014

An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete t...

4.8CVSS6.2AI score
Exploits0References3
Rows per page
Query Builder