Known Vulnerabilities for Config File Provider by Jenkins
Listed below are 8 of the newest known vulnerabilities associated with "Config File Provider" by "Jenkins".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-21645 | Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints, attackers... | 4.3 - MEDIUM | 2021-04-21 | 2023-10-25 |
| CVE-2021-21644 | A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers t... | 5.4 - MEDIUM | 2021-04-21 | 2023-11-30 |
| CVE-2021-21643 | Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints,... | 6.5 - MEDIUM | 2021-04-21 | 2023-10-25 |
| CVE-2021-21642 | Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) ... | 8.1 - HIGH | 2021-04-21 | 2023-10-25 |
| CVE-2019-1003014 | An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/l... | 4.8 - MEDIUM | 2019-02-06 | 2023-10-25 |
| CVE-2018-1000414 | A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManage... | 8.1 - HIGH | 2019-01-09 | 2019-01-22 |
| CVE-2018-1000413 | A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in configfiles.jelly, prov... | 5.4 - MEDIUM | 2019-01-09 | 2023-01-31 |
| CVE-2017-1000104 | The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords... | 6.5 - MEDIUM | 2017-10-05 | 2019-10-03 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Jenkins | Config File Provider | 3.5 | All | All | All |
| Application | Jenkins | Config File Provider | 3.4.1 | All | All | All |
| Application | Jenkins | Config File Provider | 3.4 | All | All | All |
| Application | Jenkins | Config File Provider | 3.3 | All | All | All |
| Application | Jenkins | Config File Provider | 3.2 | All | All | All |
| Application | Jenkins | Config File Provider | 3.1 | All | All | All |
| Application | Jenkins | Config File Provider | 3.0 | All | All | All |
| Application | Jenkins | Config File Provider | 2.9.3 | All | All | All |
| Application | Jenkins | Config File Provider | 2.9.2 | All | All | All |
| Application | Jenkins | Config File Provider | 2.9.1 | All | All | All |
| Application | Jenkins | Config File Provider | 2.8.1 | All | All | All |
| Application | Jenkins | Config File Provider | 2.7.5 | All | All | All |
| Application | Jenkins | Config File Provider | 2.7.4 | All | All | All |
| Application | Jenkins | Config File Provider | 2.7.3 | All | All | All |
| Application | Jenkins | Config File Provider | 2.7.2 | All | All | All |
| Application | Jenkins | Config File Provider | 2.7.1 | All | All | All |
| Application | Jenkins | Config File Provider | 2.7 | All | All | All |
| Application | Jenkins | Config File Provider | 2.6.2 | All | All | All |
| Application | Jenkins | Config File Provider | 2.6.1 | All | All | All |
| Application | Jenkins | Config File Provider | 2.6 | All | All | All |