Vulnerabilities > Jenkins > Config File Provider > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-16 | CVE-2023-40339 | Unspecified vulnerability in Jenkins Config File Provider Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log. | 7.5 |
2021-04-21 | CVE-2021-21642 | XXE vulnerability in Jenkins Config File Provider Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.1 |
2019-01-09 | CVE-2018-1000414 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Config File Provider A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing configuration file definitions. | 8.1 |