Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-25207 | 1 Jenkins | 1 Chef Sinatra | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response. | |||||
| CVE-2022-25209 | 1 Jenkins | 1 Chef Sinatra | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2022-25208 | 1 Jenkins | 1 Chef Sinatra | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response. | |||||
| CVE-2019-1003086 | 1 Jenkins | 1 Chef Sinatra | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | |||||
| CVE-2019-1003087 | 1 Jenkins | 1 Chef Sinatra | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | |||||