Vulnerabilities > CVE-2022-45386 - XXE vulnerability in Jenkins Violations 0.7.11

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
local
low complexity
jenkins
CWE-611
NVD
Published: 2022-11-15
Updated: 2023-11-01

Summary

Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Vulnerable Configurations

Part Description Count
Application
Jenkins
2

Common Weakness Enumeration (CWE)

References