CVE-2022-46682XML External Entity (XXE) Injection in Jenkins Plot

CWE-611XML External Entity (XXE) Injection4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
1.8%
top 17.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Jenkins PlotJenkins Project Jenkins Plot PluginJenkins Checkmarx Plugin+6 more
Timeline
PublishedDec 12

Description

Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages9 packages

CVEListV5jenkins_project/jenkins_plot_pluginunspecified2.1.11
NVDjenkins/plot< 2.1.12

🔴Vulnerability Details

2
OSV
Jenkins Plot Plugin XML External Entity Reference vulnerability2022-12-12
GHSA
Jenkins Plot Plugin XML External Entity Reference vulnerability2022-12-12

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2022-12-072022-12-07