Vulnerabilities > Jenkins > Storable Configs

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2022-05-17 | CVE-2022-30971 | XXE vulnerability in Jenkins Storable Configs 1.0 | Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | jenkins, CWE-611 | 8.8 (network, low complexity) |
| 2020-09-16 | CVE-2020-2278 | Path Traversal vulnerability in Jenkins Storable Configs 1.0 | Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content. | jenkins, CWE-22 | 6.5 (network, low complexity) |
| 2020-09-16 | CVE-2020-2277 | Path Traversal vulnerability in Jenkins Storable Configs 1.0 | Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller. | jenkins, CWE-22 | 6.5 (network, low complexity) |