Vulnerabilities > Jenkins > Xpath Configuration Viewer > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-06-30 CVE-2022-34811 Missing Authorization vulnerability in Jenkins Xpath Configuration Viewer
A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to access the XPath Configuration Viewer page.
network
low complexity
jenkins CWE-862
4.3
4.3
2022-06-30 CVE-2022-34812 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Xpath Configuration Viewer
A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions.
network
low complexity
jenkins CWE-352
4.3
4.3
2022-06-30 CVE-2022-34813 Missing Authorization vulnerability in Jenkins Xpath Configuration Viewer
A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions.
network
low complexity
jenkins CWE-862
4.3
4.3