Maven package
org.jvnet.hudson.plugins/storable-configs-plugin
pkg:maven/org.jvnet.hudson.plugins/storable-configs-plugin
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-30972 | | | — | <= 1.0 | — | May 17, 2022 | A cross-site request forgery (CSRF) vulnerability in Jenkins Storable Configs Plugin 1.0 and earlier allows attackers to have Jenkins parse a local XML file (e.g., archived artifacts) that uses external entities for extraction of secrets from the Jenkins controller or server-side |
| CVE-2022-30971 | | | — | <= 1.0 | — | May 17, 2022 | Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2020-2278 | | | — | <= 1.0 | — | Sep 16, 2020 | Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content. |
| CVE-2020-2277 | | | — | <= 1.0 | — | Sep 16, 2020 | Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller. |