Jenkins Project Jenkins Storable Configs Plugin vulnerabilities

4 known vulnerabilities affecting jenkins_project/jenkins_storable_configs_plugin.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 2

Vulnerabilities

CVE-2022-30972 | HIGH | CVSS 8.8 | Affected versions: ≥ unspecified, ≤ 1.0 | Published 2022-05-17
CWE-352 (Cross-Site Request Forgery): A cross-site request forgery (CSRF) vulnerability in Jenkins Storable Configs Plugin 1.0 and earlier allows attackers to have Jenkins parse a local XML file (e.g., archived artifacts) that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
Sources: cvelistv5, nvd

CVE-2022-30971 | HIGH | CVSS 8.8 | Affected versions: ≥ unspecified, ≤ 1.0 | Published 2022-05-17
CWE-611 (Improper Restriction of XML External Entity Reference): Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Sources: cvelistv5, nvd

CVE-2020-2278 | MEDIUM | CVSS 6.5 | Affected versions: ≥ unspecified, ≤ 1.0 | Published 2020-09-16
CWE-22 (Path Traversal): Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content.
Sources: cvelistv5, nvd

CVE-2020-2277 | MEDIUM | CVSS 6.5 | Affected versions: ≥ unspecified, ≤ 1.0 | Published 2020-09-16
CWE-22 (Path Traversal): Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller.
Sources: cvelistv5, nvd