CVE-2022-25209 — XML External Entity (XXE) Injection in Project Jenkins Chef Sinatra Plugin

Severity

8.8HIGHNVD

EPSS

0.1%

top 70.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedFeb 15

Latest updateFeb 16

Description

Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

OSV

Improper Restriction of XML External Entity Reference in Jenkins Chef Sinatra↗2022-02-16

▶

GHSA

Improper Restriction of XML External Entity Reference in Jenkins Chef Sinatra↗2022-02-16

▶

CVEList

CVE-2022-25209: Jenkins Chef Sinatra Plugin 1↗2022-02-15

▶

Jenkins

Jenkins Security Advisory 2022-02-15↗2022-02-15

▶