Precios Enterprise

CVE-2022-45396

9.8CRITICAL

Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Publicado: 11/15/2022Actualizado: 4/30/2025

Ver en NVD Ver en MITRE

Descripción

Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Análisis IAImpulsado por IA

Productos Afectados

jenkinssourcemonitor

Referencias

http://www.openwall.com/lists/oss-security/2022/11/15/4
Mailing ListThird Party Advisory
https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2927
Vendor Advisory
http://www.openwall.com/lists/oss-security/2022/11/15/4
Mailing ListThird Party Advisory
https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2927
Vendor Advisory