VYPR

Storable Configs Plugin

by Jenkins Project

CVEs (4)

  • CVE-2022-30972May 17, 2022
    risk 0.00cvss epss 0.01

    A cross-site request forgery (CSRF) vulnerability in Jenkins Storable Configs Plugin 1.0 and earlier allows attackers to have Jenkins parse a local XML file (e.g., archived artifacts) that uses external entities for extraction of secrets from the Jenkins controller or…

  • CVE-2022-30971May 17, 2022
    risk 0.00cvss epss 0.01

    Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

  • CVE-2020-2278Sep 16, 2020
    risk 0.00cvss epss 0.01

    Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content.

  • CVE-2020-2277Sep 16, 2020
    risk 0.00cvss epss 0.02

    Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller.