Vulnerabilities > CVE-2022-45386 - XXE vulnerability in Jenkins Violations 0.7.11

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
local
low complexity
jenkins
CWE-611

Summary

Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Vulnerable Configurations

Part Description Count
Application
Jenkins
2