jenkins_config_file_provider

unspecified

OTHER 4 CVEs

3.4.1 and earlier

OTHER 1 CVE

3.7.0

SEMANTIC 4 CVEs

951.953.vdfc5f6e2dcc4

OTHER 1 CVE

953.v0432a_802e4d2

OTHER 1 CVE

CVE-2023-40339

Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log.

UNKNOWN Aug 16, 2023

CVE-2021-21645

Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints, attackers with Overall/Read permission to enumerate configuration file IDs.

UNKNOWN Apr 21, 2021

CVE-2021-21644

A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID.

UNKNOWN Apr 21, 2021

CVE-2021-21642

Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

UNKNOWN Apr 21, 2021

CVE-2021-21643

Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins.

UNKNOWN Apr 21, 2021