Vulnerabilities > CVE-2022-43415 - XXE vulnerability in Jenkins Repo 1.14.0/1.15.0

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
jenkins
CWE-611
NVD
Published: 2022-10-19
Updated: 2023-11-01

Summary

Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Vulnerable Configurations

Part Description Count
Application
Jenkins
3

Common Weakness Enumeration (CWE)

References