Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Jenkins Subscribe
Filtered by product Chef Sinatra
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-25209 1 Jenkins 1 Chef Sinatra 2022-02-23 6.5 MEDIUM 8.8 HIGH
Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2022-25208 1 Jenkins 1 Chef Sinatra 2022-02-23 6.5 MEDIUM 8.8 HIGH
A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response.
CVE-2022-25207 1 Jenkins 1 Chef Sinatra 2022-02-23 6.8 MEDIUM 8.8 HIGH
A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response.
CVE-2019-1003087 1 Jenkins 1 Chef Sinatra 2020-07-15 4.0 MEDIUM 6.5 MEDIUM
A missing permission check in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
CVE-2019-1003086 1 Jenkins 1 Chef Sinatra 2020-06-23 4.3 MEDIUM 6.5 MEDIUM
A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.