) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
Search Parameters:
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:jenkins:storable_configs:1.0:*:*:*:*:jenkins:*:*
- CPE Name Search: true
There are 3 matching records.
Displaying matches 1 through 3.
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2022-30971 |
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Published: May 17, 2022; 11:15:11 AM -0400 |
V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2020-2278 |
Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content. Published: September 16, 2020; 10:15:14 AM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2020-2277 |
Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller. Published: September 16, 2020; 10:15:14 AM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |