CVE-2022-34793

Severity

8.8HIGH

EPSS

1.8%

top 17.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJun 30

Latest updateJul 1

Description

Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

GHSA

XML External Entity Reference in Jenkins Recipe Plugin↗2022-07-01

▶

OSV

XML External Entity Reference in Jenkins Recipe Plugin↗2022-07-01

▶

CVEList

CVE-2022-34793: Jenkins Recipe Plugin 1↗2022-06-30

▶

Jenkins

Jenkins Security Advisory 2022-06-30↗2022-06-30

▶