Vulnerabilities > Jenkins > Storable Configs > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-09-16 | CVE-2020-2278 | Path Traversal vulnerability in Jenkins Storable Configs 1.0 Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content. | 6.5 |
2020-09-16 | CVE-2020-2277 | Path Traversal vulnerability in Jenkins Storable Configs 1.0 Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller. | 6.5 |