China National Vulnerability Database: CNVD-2022-54934
Mar 31, 2022 - 12:00 a.m.

Jenkins Pipeline Phoenix AutoTest Plugin XML External Entity Injection Vulnerability

www.cnvd.org.cn

EPSS: 0.001 (Low)

Percentile: 28.4%

Jenkins Pipeline is a set of plug-ins that support the implementation and integration of continuous delivery pipelines into Jenkins. The Jenkins Pipeline Phoenix AutoTest Plugin 1.3 and earlier versions are vulnerable to XML external entity (XXE) injection, which remote attackers can exploit by sending specially crafted XML files to extract secrets from the Jenkins controller or to carry out server-side request forgery.

