Jenkins Chef Sinatra
By the Year
In 2023 there have been 0 vulnerabilities in Jenkins Chef Sinatra. Last year Chef Sinatra had 3 security vulnerabilities published. Right now, Chef Sinatra is on track to have fewer security vulnerabilities in 2023 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 0 | 0.00 |
2022 | 3 | 8.80 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 2 | 6.50 |
2018 | 0 | 0.00 |
It may take a day or so for new Chef Sinatra vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Chef Sinatra Security Vulnerabilities
Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2022-25209
8.8 - High - February 15, 2022
XXE
A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier
CVE-2022-25208
8.8 - High - February 15, 2022
A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response.
AuthZ
A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier
CVE-2022-25207
8.8 - High - February 15, 2022
A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response.
Session Riding
A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method
CVE-2019-1003086
6.5 - Medium - April 04, 2019
A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.
Session Riding
A missing permission check in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method
CVE-2019-1003087
6.5 - Medium - April 04, 2019
A missing permission check in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
AuthZ
