Vulnerabilities > Jenkins > Storable Configs
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-17 | CVE-2022-30971 | XXE vulnerability in Jenkins Storable Configs 1.0 Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.8 |
2020-09-16 | CVE-2020-2278 | Path Traversal vulnerability in Jenkins Storable Configs 1.0 Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content. | 6.5 |
2020-09-16 | CVE-2020-2277 | Path Traversal vulnerability in Jenkins Storable Configs 1.0 Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller. | 6.5 |