Vulnerabilities > CVE-2022-28155 - XXE vulnerability in Jenkins Pipeline: Phoenix Autotest

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

NVD

Published: 2022-03-29

Updated: 2023-11-03

Summary

Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Part	Description	Count
Application	Jenkins Jenkins Pipeline _Phoenix_Autotest	5