Lucene search
GitHub Advisory DatabaseGHSA-WQMP-2P5R-RHFVHistoryMay 18, 2022 - 12:00 a.m.
XML External Entity Reference in Jenkins Storable Configs Plugin
2022-05-1800:00:42
CWE-611
GitHub Advisory Database
github.com
6
0.001 Low
EPSS
Percentile
42.6%
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
This allows attackers with Item/Configure permission to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.jvnet.hudson.plugins:storable-configs-plugin | le | 1.0 |
Related
prion
prion
Xxe
2022-05-17 15:15:00
cvelist
cvelist
CVE-2022-30971
2022-05-17 14:06:57
osv
osv
XML External Entity Reference in Jenkins Storable Configs Plugin
2022-05-18 00:00:42
CVE-2022-30971
2022-05-17 15:15:11
cve
cve
CVE-2022-30971
2022-05-17 15:15:11
nessus
nessus