Chef Sinatra Plugin

CVEs (5)

CVE	Vendor / Product	CVSS	Published	Description
CVE-2022-25209	Jenkins Project Chef Sinatra Plugin	—	Feb 15, 2022	Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2022-25208	Jenkins Project Chef Sinatra Plugin	—	Feb 15, 2022	A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response.
CVE-2022-25207	Jenkins Project Chef Sinatra Plugin	—	Feb 15, 2022	A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response.
CVE-2019-1003086	Jenkins Project Chef Sinatra Plugin	—	Apr 4, 2019	A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.
CVE-2019-1003087	Jenkins Project Chef Sinatra Plugin	—	Apr 4, 2019	A missing permission check in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.

CVE-2022-25209Feb 15, 2022
Jenkins Project
Chef Sinatra Plugin
risk 0.00cvss —epss 0.00
Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2022-25208Feb 15, 2022
Jenkins Project
Chef Sinatra Plugin
risk 0.00cvss —epss 0.00
A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response.
CVE-2022-25207Feb 15, 2022
Jenkins Project
Chef Sinatra Plugin
risk 0.00cvss —epss 0.00
A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response.
CVE-2019-1003086Apr 4, 2019
Jenkins Project
Chef Sinatra Plugin
risk 0.00cvss —epss 0.00
A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.
CVE-2019-1003087Apr 4, 2019
Jenkins Project
Chef Sinatra Plugin
risk 0.00cvss —epss 0.00
A missing permission check in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.