CVE-2022-28140
published 2022-03-29CVE-2022-28140: Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
high8.1CVSS 3.1
AVNACLPRLUINSUCHIHAN
Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | bitbucket_server_integration_plugin | — | — |
| jenkins | complexity_scatter_plot_plugin | — | — |
| jenkins | continuous_integration_with_toad_edge_plugin | — | — |
| jenkins | flaky_test_handler | <= 1.2.1 | — |
| jenkins | flaky_test_handler_plugin | — | — |
| jenkins | jenkins_core | — | — |
| jenkins | jiratestresultreporter_plugin | — | — |
| jenkins | job_and_node_ownership_plugin | — | — |
| jenkins | phoenix_autotest_plugin | — | — |
| jenkins | proxmox_plugin | — | — |
| jenkins | rocketchat_notifier_plugin | — | — |
| jenkins | sitemonitor_plugin | — | — |
| jenkins | some_reports_generated_by_this_plugin | — | — |
| jenkins | tests_selector_plugin | — | — |
| jenkins | windows_in_continuous_integration_with_toad_edge_plugin | — | — |
| jenkins_project | jenkins_flaky_test_handler_plugin | unspecified – 1.2.1 | — |