Jenkins >> Storable Configs Security Vulnerabilities
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVSS Score: 8.8
EPSS Score: 0.016
Published: 2022-05-17
Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller.
CVSS Score: 6.5
EPSS Score: 0.015
Published: 2020-09-16
Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content.
CVSS Score: 6.5
EPSS Score: 0.01
Published: 2020-09-16



Shodan ® - All rights reserved