Known Vulnerabilities for Config File Provider by Jenkins
Listed below are 9 of the newest known vulnerabilities associated with "Config File Provider" by "Jenkins".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-40339 json | Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials... | 7.5 - HIGH | 2023-08-16 | 2023-08-22 |
| CVE-2021-21645 json | Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints, attackers... | 4.3 - MEDIUM | 2021-04-21 | 2023-10-25 |
| CVE-2021-21644 json | A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers t... | 5.4 - MEDIUM | 2021-04-21 | 2023-11-30 |
| CVE-2021-21643 json | Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints,... | 6.5 - MEDIUM | 2021-04-21 | 2023-10-25 |
| CVE-2021-21642 json | Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) ... | 8.1 - HIGH | 2021-04-21 | 2023-10-25 |
| CVE-2019-1003014 json | An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/l... | 4.8 - MEDIUM | 2019-02-06 | 2023-10-25 |
| CVE-2018-1000414 json | A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManage... | 8.1 - HIGH | 2019-01-09 | 2019-01-22 |
| CVE-2018-1000413 json | A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in configfiles.jelly, prov... | 5.4 - MEDIUM | 2019-01-09 | 2023-01-31 |
| CVE-2017-1000104 json | The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords... | 6.5 - MEDIUM | 2017-10-05 | 2019-10-03 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Jenkins | Config File Provider | 3.5 | |||
| Application | Jenkins | Config File Provider | 3.4.1 | |||
| Application | Jenkins | Config File Provider | 3.4 | |||
| Application | Jenkins | Config File Provider | 3.3 | |||
| Application | Jenkins | Config File Provider | 3.2 | |||
| Application | Jenkins | Config File Provider | 3.1 | |||
| Application | Jenkins | Config File Provider | 3.0 | |||
| Application | Jenkins | Config File Provider | 2.9.3 | |||
| Application | Jenkins | Config File Provider | 2.9.2 | |||
| Application | Jenkins | Config File Provider | 2.9.1 | |||
| Application | Jenkins | Config File Provider | 2.8.1 | |||
| Application | Jenkins | Config File Provider | 2.7.5 | |||
| Application | Jenkins | Config File Provider | 2.7.4 | |||
| Application | Jenkins | Config File Provider | 2.7.3 | |||
| Application | Jenkins | Config File Provider | 2.7.2 | |||
| Application | Jenkins | Config File Provider | 2.7.1 | |||
| Application | Jenkins | Config File Provider | 2.7 | |||
| Application | Jenkins | Config File Provider | 2.6.2 | |||
| Application | Jenkins | Config File Provider | 2.6.1 | |||
| Application | Jenkins | Config File Provider | 2.6 |