Lucene search
K

51 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:38 p.m.4 views

CVE-2022-28154

Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

8.1CVSS6.7AI score0.00972EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:46 p.m.6 views

CVE-2022-45397

Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

9.8CVSS6.7AI score0.00961EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:31 p.m.9 views

CVE-2021-21266

openHAB is a vendor and technology agnostic open source automation software for your home. In openHAB before versions 2.5.12 and 3.0.1 the XML external entity XXE attack allows attackers in the same network as the openHAB instance to retrieve internal information like the content of files from th...

6.4CVSS7AI score0.011EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:19 p.m.7 views

CVE-2021-21656

Jenkins Xcode integration Plugin 2.0.14 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

7.1CVSS6.7AI score0.01511EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:19 p.m.11 views

CVE-2021-21657

Jenkins Filesystem Trigger Plugin 0.40 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

8.8CVSS6.7AI score0.01596EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:9 p.m.6 views

CVE-2020-2108

Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions...

7.6CVSS6.7AI score0.00904EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:8 p.m.10 views

CVE-2020-2092

Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents...

8.8CVSS6.7AI score0.01382EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:7 p.m.6 views

CVE-2020-2180

Jenkins AWS SAM Plugin 1.2.2 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...

8.8CVSS7.7AI score0.02282EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/03/12 12:0 a.m.7 views

CVE-2025-25975

An issue in parse-git-config v.3.0.0 allows an attacker to obtain sensitive information via the expandKeys function...

6AI score0.00437EPSS
Exploits1References1
Prion
Prion
added 2023/09/21 9:15 p.m.19 views

Xxe

An XXE XML external entity injection vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery...

5CVSS7.4AI score0.01449EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/04/25 1:15 p.m.5 views

CVE-2023-26057

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters su...

6.5CVSS6.6AI score0.00486EPSS
Exploits0References2
CVE
CVE
added 2023/04/25 12:0 a.m.47 views

CVE-2023-26057

The CVE-2023-26057 entry describes an XXE flaw in Nokia NetAct before 22 FP2211, exploitable via an XML document to the Configuration Dashboard page. Root cause: missing input validation and a misconfigured XML parser, potentially allowing access to sensitive data or SSRF when parsing XML. Impact...

6.5CVSS6.4AI score0.00486EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/04/25 12:0 a.m.48 views

CVE-2023-26058

CVE-2023-26058 – Nokia NetAct XXE : Multiple sources confirm an XML External Entity vulnerability in Nokia NetAct prior to 22 FP2211, exploitable via an XML document to a Performance Manager page. The root cause is missing input validation and improper XML parser configuration. Impact is describe...

6.5CVSS6.4AI score0.00486EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/04/02 9:15 p.m.5 views

CVE-2023-28681

Jenkins Visual Studio Code Metrics Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

8.2CVSS7.3AI score0.00569EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/03/21 3:53 p.m.7 views

CVE-2023-28685

Jenkins AbsInt a³ Plugin 1.1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

6.9AI score0.00602EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.5 views

Jenkins Plugin MSTest 代码问题漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

9.8CVSS8.4AI score0.01215EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/01/24 12:0 a.m.3 views

PT-2023-19601 · Jenkins · Jenkins Mstest Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins MSTest Plugin version 1.0.0 and earlier Description: The issue is related to the configuration of the XML parser, which does not prevent XML external entity XXE attacks. Recommendations: For Jenkins MSTest Plugin version 1.0.0 and...

9.8CVSS9.1AI score0.01215EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2023/01/24 12:0 a.m.6 views

CVE-2023-24430

Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

7AI score0.0128EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/11/15 12:0 a.m.9 views

CVE-2022-45396

Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

7AI score0.00961EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/10/10 12:0 a.m.12 views

PT-2022-02: XML External Entity (XXE)

Input validation and proper XML parsers configuration was missing. On the Perfomance Manager+ page, attackers can import XML files. Support of external entities is enabled for processing of such files, which leads to Arbitrary File Read and SSRF. The attack can only be performed by an internal...

6.5CVSS6.4AI score0.00486EPSS
Exploits0
Rows per page
Query Builder