Lucene search
HistoryNov 15, 2022 - 8:15 p.m.
CVE-2022-45386
jenkins
violations plugin
xml parsing
vulnerability
cve-2022-45386
xxe attack
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
28.0%
Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Affected configurations
Node
jenkinsviolationsRange≤0.7.11jenkins
Related
github
github
XML External Entity Reference in Jenkins Violations Plugin
2022-11-16 12:00:23
cvelist
cvelist
CVE-2022-45386
2022-11-15 00:00:00
prion
prion
Xxe
2022-11-15 20:15:00
osv
osv
XML External Entity Reference in Jenkins Violations Plugin
2022-11-16 12:00:23
cve
cve
CVE-2022-45386
2022-11-15 20:15:11
nessus
nessus
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
28.0%
Related for NVD:CVE-2022-45386