org.jvnet.hudson.plugins:storable-configs-plugin

Maven4 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.jvnet.hudson.plugins:storable-configs-pluginpage 1 of 1

CVE-2020-2277MEDIUMCVSS 6.5EG 6.5
2020-09-16
vulnerable: 1.0
Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller.
CVE-2020-2278MEDIUMCVSS 6.5EG 6.5
2020-09-16
vulnerable: 1.0
Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's conten…
CVE-2022-30971HIGHCVSS 8.8EG 7.1
2022-05-17
vulnerable: 1.0
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2022-30972HIGHCVSS 8.8EG 7.1
2022-05-17
vulnerable: 1.0
A cross-site request forgery (CSRF) vulnerability in Jenkins Storable Configs Plugin 1.0 and earlier allows attackers to have Jenkins parse a local XML file (e.g., archived artifacts) that uses external entities for extraction of secrets f…

Check whether org.jvnet.hudson.plugins:storable-configs-plugin is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.jvnet.hudson.plugins:storable-configs-plugin CVEs against the assets you own.

Start Free Scan →