
Storable Configs

storable_configs

Vendor: Jenkins • 3 CVEs

CVEs (3)

Vendors: 1 (Jenkins)
Products: 1 (Storable Configs)
Updated: Nov 21, 2024
Published: May 17, 2022
CVSS: N/A (v4), 8.8 HIGH (v3), 6.5 MEDIUM (v2)
Description: Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Vendors: 1 (Jenkins)
Products: 1 (Storable Configs)
Updated: Nov 21, 2024
Published: Sep 16, 2020
CVSS: N/A (v4), 6.5 MEDIUM (v3), 4.0 MEDIUM (v2)
Description: Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content.

Vendors: 1 (Jenkins)
Products: 1 (Storable Configs)
Updated: Nov 21, 2024
Published: Sep 16, 2020
CVSS: N/A (v4), 6.5 MEDIUM (v3), 4.0 MEDIUM (v2)
Description: Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller.