Known Vulnerabilities
CVE-2022-30972
A cross-site request forgery (CSRF) vulnerability in Jenkins Storable Configs Plugin 1.0 and earlier allows attackers to have Jenkins parse a local XML file (e.g., archived artifacts) that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
CVE-2022-30971
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2020-2278
Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content.
CVE-2020-2277
Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller.