Maven package
org.jenkins-ci.plugins/sinatra-chef-builder
pkg:maven/org.jenkins-ci.plugins/sinatra-chef-builder
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-25209 | — | <= 1.20 | — | Feb 15, 2022 | Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||
| CVE-2022-25208 | — | <= 1.20 | — | Feb 15, 2022 | A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response. | ||
| CVE-2022-25207 | — | <= 1.20 | — | Feb 15, 2022 | A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response. | ||
| CVE-2019-1003087 | — | <= 1.20 | — | Apr 4, 2019 | A missing permission check in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | ||
| CVE-2019-1003086 | — | <= 1.20 | — | Apr 4, 2019 | A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. |
- CVE-2022-25209Feb 15, 2022affected <= 1.20
Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
- CVE-2022-25208Feb 15, 2022affected <= 1.20
A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response.
- CVE-2022-25207Feb 15, 2022affected <= 1.20
A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response.
- CVE-2019-1003087Apr 4, 2019affected <= 1.20
A missing permission check in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
- CVE-2019-1003086Apr 4, 2019affected <= 1.20
A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.