Jenkins Config File Provider — known CVE vulnerabilities
Every CVE whose affected-product data names Jenkins Config File Provider, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2018-1000414 — CVSS 8.1 (high): A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java…
CVE-2021-21642 — CVSS 8.1 (high): Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2023-40339 — CVSS 7.5 (high): Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in…
CVE-2021-21643 — CVSS 6.5 (medium): Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing…
CVE-2017-1000104 — CVSS 6.5 (medium): The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. Users with…
CVE-2018-1000413 — CVSS 5.4 (medium): A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in configfiles.jelly, providerlist.jelly…
CVE-2021-21644 — CVSS 5.4 (medium): A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete…
CVE-2019-1003014 — CVSS 4.8 (medium): An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/…
CVE-2021-21645 — CVSS 4.3 (medium): Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints, attackers with…