Skip to main content

Storable Configs

3 CVEs product

Monthly

CVE-2022-30971 Maven HIGH This Week

Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Storable Configs
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-2278 Maven MEDIUM This Month

Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Path Traversal Storable Configs
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-2277 Maven MEDIUM This Month

Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Path Traversal Storable Configs
NVD
CVSS 3.1
6.5
EPSS
1.7%
EPSS 1% CVSS 8.8
HIGH This Week

Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Storable Configs
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Path Traversal Storable Configs
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Path Traversal Storable Configs
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy