46 matches found
CVE-2019-1003014
An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete t...
CVE-2019-1003014
An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete t...
CVE-2018-1000414
A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing configuration file definitions...
CVE-2018-1000413
The vulnerability CVE-2018-1000413 affects Jenkins Config File Provider Plugin (versions ≤ 3.1). The issue is a cross-site scripting flaw in the configfiles.jelly and providerlist.jelly components that allows users who can configure configuration files to inject arbitrary HTML into Jenkins pages....
CVE-2018-1000414
CVE-2018-1000414 describes a cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.1 and earlier, located in ConfigFilesManagement.java and FolderConfigFileAction.java, that allows a remote attacker to create and edit configuration file definitions. The issue af...
CVE-2017-1000104
CVE-2017-1000104 concerns the Jenkins Config File Provider Plugin, which manages configuration files that may include secrets. The issue arises from insufficient access control: users with only Overall/Read access could view URLs to configuration files, until permissions were tightened to require...