Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
Jenkins project

jenkins_chef_sinatra

4 Versions 5 CVEs

Versions

1.20

MAJOR_MINOR 3 CVEs

unspecified

OTHER 3 CVEs

next of 1.20

OTHER 3 CVEs

all versions as of 2019-04-03

DATE_BASED 2 CVEs

Recent CVEs

CVE-2022-25209

Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

UNKNOWN Feb 15, 2022

CVE-2022-25208

A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response.

UNKNOWN Feb 15, 2022

CVE-2022-25207

A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response.

UNKNOWN Feb 15, 2022

CVE-2019-1003087

A missing permission check in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.

UNKNOWN Apr 04, 2019