Jenkins Rqm vulnerabilities
3 known vulnerabilities affecting jenkins/rqm.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 2
Vulnerabilities
CVE-2022-41241 [CRITICAL] CVSS 9.1 | CWE-611 | ≤ 2.8 | 2022-09-21
Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
nvd
CVE-2022-34810 [MEDIUM] CVSS 6.5 | CWE-862 | ≤ 2.8 | 2022-06-30
A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
nvd
CVE-2022-34809 [MEDIUM] CVSS 6.5 | CWE-522 | ≤ 2.8 | 2022-06-30
Jenkins RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
nvd