CVE-2022-28140XML External Entity (XXE) Injection in Project Jenkins Flaky Test Handler Plugin

CWE-611XML External Entity (XXE) Injection5 documents5 sources
Severity
8.1HIGHNVD
EPSS
0.2%
top 62.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Flaky Test Handler PluginJenkins Flaky Test Handler
Timeline
PublishedMar 29
Latest updateMar 30

Description

Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

CVEListV5jenkins_project/jenkins_flaky_test_handler_pluginunspecified1.2.1

🔴Vulnerability Details

3
OSV
XXE vulnerability in Jenkins Flaky Test Handler Plugin2022-03-30
GHSA
XXE vulnerability in Jenkins Flaky Test Handler Plugin2022-03-30
CVEList
CVE-2022-28140: Jenkins Flaky Test Handler Plugin 12022-03-29

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2022-03-292022-03-29
CVE-2022-28140 — XML External Entity (XXE) Injection | cvebase