Jenkins Storable Configs vulnerabilities
3 known vulnerabilities affecting jenkins/storable_configs.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2022-30971 | HIGH | CVSS 8.8 | CWE-611 | ≤ 1.0 | 2022-05-17
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Source: NVD
CVE-2020-2278 | MEDIUM | CVSS 6.5 | CWE-22 | ≤ 1.0 | 2020-09-16
Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content.
Source: NVD
CVE-2020-2277 | MEDIUM | CVSS 6.5 | CWE-22 | ≤ 1.0 | 2020-09-16
Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller.
Source: NVD