Vulnerabilities > Jenkins > Storable Configs > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-09-16 CVE-2020-2278 Path Traversal vulnerability in Jenkins Storable Configs 1.0
Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content.
network
low complexity
jenkins CWE-22
6.5
2020-09-16 CVE-2020-2277 Path Traversal vulnerability in Jenkins Storable Configs 1.0
Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller.
network
low complexity
jenkins CWE-22
6.5