Known Vulnerabilities for Config File Provider by Jenkins
Listed below are 9 of the newest known vulnerabilities associated with "Config File Provider" by "Jenkins".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-45246 | Summarize prior to 0.15.1 contains an insecure file permission vulnerability in the refresh-free configuration rewrite path t... | Not Provided | 2026-05-18 | 2026-05-18 |
| CVE-2026-41009 | When the director sends a long-running request (e.g. compile_package), the agent's reply JSON is consumed by AgentClient. inj... | Not Provided | 2026-05-27 | 2026-05-27 |
| CVE-2026-7817 | Local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities in pgAdmin 4 LLM API configuration endpoint... | Not Provided | 2026-05-11 | 2026-05-11 |
| CVE-2023-40339 | Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials... | 7.5 - HIGH | 2023-08-16 | 2023-08-22 |
| CVE-2021-21645 | Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints, attackers... | 4.3 - MEDIUM | 2021-04-21 | 2023-10-25 |
| CVE-2021-21644 | A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers t... | 5.4 - MEDIUM | 2021-04-21 | 2023-11-30 |
| CVE-2021-21643 | Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints,... | 6.5 - MEDIUM | 2021-04-21 | 2023-10-25 |
| CVE-2021-21642 | Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) ... | 8.1 - HIGH | 2021-04-21 | 2023-10-25 |
| CVE-2019-1003014 | A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/l... | 4.8 - MEDIUM | 2019-02-06 | 2023-10-25 |
| CVE-2018-1000414 | A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManage... | 8.1 - HIGH | 2019-01-09 | 2019-01-22 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Jenkins | Config File Provider | 3.5 | | | |
| Application | Jenkins | Config File Provider | 3.4.1 | | | |
| Application | Jenkins | Config File Provider | 3.4 | | | |
| Application | Jenkins | Config File Provider | 3.3 | | | |
| Application | Jenkins | Config File Provider | 3.2 | | | |
| Application | Jenkins | Config File Provider | 3.1 | | | |
| Application | Jenkins | Config File Provider | 3.0 | | | |
| Application | Jenkins | Config File Provider | 2.9.3 | | | |
| Application | Jenkins | Config File Provider | 2.9.2 | | | |
| Application | Jenkins | Config File Provider | 2.9.1 | | | |
| Application | Jenkins | Config File Provider | 2.8.1 | | | |
| Application | Jenkins | Config File Provider | 2.7.5 | | | |
| Application | Jenkins | Config File Provider | 2.7.4 | | | |
| Application | Jenkins | Config File Provider | 2.7.3 | | | |
| Application | Jenkins | Config File Provider | 2.7.2 | | | |
| Application | Jenkins | Config File Provider | 2.7.1 | | | |
| Application | Jenkins | Config File Provider | 2.7 | | | |
| Application | Jenkins | Config File Provider | 2.6.2 | | | |
| Application | Jenkins | Config File Provider | 2.6.1 | | | |
| Application | Jenkins | Config File Provider | 2.6 | | | |