Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-RWG2-W82X-V57J
HistoryMar 30, 2022 - 12:00 a.m.

XML External Entity Reference vulnerability in Jenkins Pipeline: Phoenix AutoTest Plugin

2022-03-3000:00:26
Google
osv.dev
13
jenkins
phoenix autotest plugin
xml external entity
xxe attacks
jenkins controller
server-side request forgery

EPSS

0.001

Percentile

28.4%

JSON

Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
This allows attackers able to control the input files for the readXml or writeXml build step to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.

Related

github 1
cve 1
prion 1
cvelist 1
cnvd 1
nvd 1
nessus 1
github
github
XML External Entity Reference vulnerability in Jenkins Pipeline: Phoenix AutoTest Plugin
2022-03-30 00:00:26
cve
cve
CVE-2022-28155
2022-03-29 13:15:10
prion
prion
Xxe
2022-03-29 13:15:00
cvelist
cvelist
CVE-2022-28155
2022-03-29 12:31:19
cnvd
cnvd
Jenkins Pipeline Phoenix AutoTest Plugin XML External Entity Injection Vulnerability
2022-03-31 00:00:00
nvd
nvd
CVE-2022-28155
2022-03-29 13:15:10
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2022-03-29)
2022-03-31 00:00:00

EPSS

0.001

Percentile

28.4%

JSON
Related for OSV:GHSA-RWG2-W82X-V57J
github1cve1prion1cvelist1cnvd1nvd1nessus1