Vulnerabilities > Jenkins > Config File Provider > High

DATE CVE VULNERABILITY TITLE RISK
2023-08-16 CVE-2023-40339 Unspecified vulnerability in Jenkins Config File Provider
Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log.
network
low complexity
jenkins
7.5
7.5
2021-04-21 CVE-2021-21642 XXE vulnerability in Jenkins Config File Provider
Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
8.1
8.1
2019-01-09 CVE-2018-1000414 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Config File Provider
A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing configuration file definitions.
network
low complexity
jenkins CWE-352
8.1
8.1