Config File Provider@* Security Vulnerabilities and Issues — Config File Provider@* CVE List

Lucene search

JenkinsConfig File Provider*

3 matches found

CVE•added 2019/02/06 4:29 p.m.•65 views

CVE-2019-1003014

An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete the...

4.8CVSS4.9AI score0.00067EPSS

CVE•added 2019/01/09 11:29 p.m.•44 views

CVE-2018-1000413

A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in configfiles.jelly, providerlist.jelly that allows users with the ability to configure configuration files to insert arbitrary HTML into some pages in Jenkins.

5.4CVSS5.1AI score0.00106EPSS

CVE•added 2019/01/09 11:29 p.m.•37 views

CVE-2018-1000414

A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing configuration file definitions.

8.1CVSS8AI score0.00072EPSS