Jenkins

Chef Sinatra

5 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2022-25207

  • EPSS 0.07%
  • Published 15.02.2022 17:15:11
  • Last modified 21.11.2024 06:51:48

A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response.

8.8

CVE-2022-25208

  • EPSS 0.96%
  • Published 15.02.2022 17:15:11
  • Last modified 21.11.2024 06:51:48

A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response.

8.8

CVE-2022-25209

  • EPSS 1.63%
  • Published 15.02.2022 17:15:11
  • Last modified 21.11.2024 06:51:48

Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

6.5

CVE-2019-1003086

  • EPSS 0.16%
  • Published 04.04.2019 16:29:01
  • Last modified 21.11.2024 04:17:52

A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.

6.5

CVE-2019-1003087

  • EPSS 0.08%
  • Published 04.04.2019 16:29:01
  • Last modified 21.11.2024 04:17:52

A missing permission check in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.