cbcvebase.
CVE-2022-46682
published 2022-12-12

CVE-2022-46682: Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

PriorityP344critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.95%
56.7th percentile
Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Affected

9 ranges
VendorProductVersion rangeFixed in
jenkinscheckmarx_plugin
jenkinscustom_build_properties_plugin
jenkinsgitea_plugin
jenkinsgoogle_login_plugin
jenkinsplot< 2.1.122.1.12
jenkinsplot_plugin
jenkinssonar_gerrit_plugin
jenkinsspring_config_plugin
jenkins_projectjenkins_plot_pluginunspecified – 2.1.11
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.