CPE-536BF637-CE24-491F-AB68-8D93701BFC42 Detail

CPE Details

Jenkins Config File Provider 3.0 for Jenkins

Vendor

jenkins

Product

config_file_provider

Version

3.0

Created

2019-02-19
12h50 +00:00

Modified

2019-02-19
12h50 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:jenkins:config_file_provider:3.0:::::jenkins::

Informations

Vendor

jenkins

Product

config_file_provider

Version

3.0

Target Software

jenkins

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2023-40339	2023-08-16 14h32 +00:00	Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log.	7.5	High
CVE-2021-21645	2021-04-21 12h20 +00:00	Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints, attackers with Overall/Read permission to enumerate configuration file IDs.	4.3	Medium
CVE-2021-21644	2021-04-21 12h20 +00:00	A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID.	5.4	Medium
CVE-2021-21642	2021-04-21 12h20 +00:00	Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.	8.1	High
CVE-2021-21643	2021-04-21 12h20 +00:00	Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins.	6.5	Medium
CVE-2019-1003014	2019-02-06 15h00 +00:00	An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete the shared configuration file.	4.8	Medium
CVE-2018-1000413	2019-01-09 22h00 +00:00	A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in configfiles.jelly, providerlist.jelly that allows users with the ability to configure configuration files to insert arbitrary HTML into some pages in Jenkins.	5.4	Medium
CVE-2018-1000414	2019-01-09 22h00 +00:00	A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing configuration file definitions.	8.1	High

Jenkins Config File Provider 3.0 for Jenkins

CPE Details

CPE Name: cpe:2.3:a:jenkins:config_file_provider:3.0:*:*:*:*:jenkins:*:*

Informations

Vendor

Product

Version

Target Software

Related CVE

CPE Name: cpe:2.3:a:jenkins:config_file_provider:3.0:::::jenkins::