Jenkins Job Import vulnerabilities
4 known vulnerabilities affecting jenkins/job_import.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL: 1, HIGH: 1, MEDIUM: 2
Vulnerabilities
CVE-2022-43413 | MEDIUM | CVSS 4.3 | CWE-862 | fixed in 3.6 | 2022-10-19
Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
nvd
CVE-2019-1003015 | CRITICAL | CVSS 9.1 | CWE-611 | ≤ 2.1 | 2019-02-06
An XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers with the ability to control the HTTP server (Jenkins) queried in preparation of job import to read arbitrary files, perform a denial of service atta
nvd
CVE-2019-1003016 | HIGH | CVSS 8.8 | CWE-352 | ≤ 2.1 | 2019-02-06
An exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java, src/main/java/org/jenkins/ci/plugins/jobimport/JobImportGlobalConfig.java, src/main/java/org/jenkins/ci/plugins/jobimport/model/JenkinsSite.java that allows attackers with Ov
nvd
CVE-2019-1003017 | MEDIUM | CVSS 5.3 | CWE-352 | ≤ 3.0 | 2019-02-06
A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration.
nvd