CVE-2022-41241

Severity

9.1CRITICAL

EPSS

0.5%

top 33.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedSep 21

Latest updateSep 22

Description

Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

OSV

Jenkins RQM Plugin vulnerable to Improper Restriction of XML External Entity Reference↗2022-09-22

▶

GHSA

Jenkins RQM Plugin vulnerable to Improper Restriction of XML External Entity Reference↗2022-09-22

▶

CVEList

CVE-2022-41241: Jenkins RQM Plugin 2↗2022-09-21

▶

Jenkins

Jenkins Security Advisory 2022-09-21↗2022-09-21

▶