Lucene search
K

46 matches found

Cvelist
Cvelist
added 2019/02/06 4:0 p.m.19 views

CVE-2019-1003014

An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete t...

5AI score0.0088EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2019/02/06 4:0 p.m.20 views

CVE-2019-1003014

An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete t...

4.8CVSS5.1AI score0.0088EPSS
Exploits0References3
Cvelist
Cvelist
added 2019/01/09 11:0 p.m.24 views

CVE-2018-1000414

A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing configuration file definitions...

8.1AI score0.00835EPSS
Exploits0References2
CVE
CVE
added 2019/01/09 11:0 p.m.59 views

CVE-2018-1000413

The vulnerability CVE-2018-1000413 affects Jenkins Config File Provider Plugin (versions ≤ 3.1). The issue is a cross-site scripting flaw in the configfiles.jelly and providerlist.jelly components that allows users who can configure configuration files to inject arbitrary HTML into Jenkins pages....

5.4CVSS5.1AI score0.00947EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/01/09 11:0 p.m.60 views

CVE-2018-1000414

CVE-2018-1000414 describes a cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.1 and earlier, located in ConfigFilesManagement.java and FolderConfigFileAction.java, that allows a remote attacker to create and edit configuration file definitions. The issue af...

8.1CVSS8AI score0.00835EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2017/10/04 1:0 a.m.54 views

CVE-2017-1000104

CVE-2017-1000104 concerns the Jenkins Config File Provider Plugin, which manages configuration files that may include secrets. The issue arises from insufficient access control: users with only Overall/Read access could view URLs to configuration files, until permissions were tightened to require...

6.5CVSS6.3AI score0.00818EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder