XML External Entity Vulnerability in Jenkins REPO Plugin by Jenkins
CVE-2022-43415

7.5HIGH

Key Information:

Vendor: Jenkins
Status: Jenkins Repo Plugin
Vendor: CVE Published:; 19 October 2022

Summary

The Jenkins REPO Plugin versions up to 1.15.0 are susceptible to XML external entity (XXE) attacks due to improper configuration of its XML parser. This vulnerability can allow an attacker to exploit the parser to access sensitive files on the server or execute unauthorized operations. Proper measures should be taken to update the plugin and mitigate potential risks associated with this vulnerability.

Affected Version(s)

Jenkins REPO Plugin <= 1.15.0

References

https://www.jenkins.io/security/advisory/2022-10-19/#SECU...

http://www.openwall.com/lists/oss-security/2022/10/19/3

mailing-list

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 19, 2022
Vulnerability Reserved
Oct 18, 2022