VDB
CISA-2022-45400
CISA-2022-45400
PUBLISHED
CVSS 9.8 CRITICAL
Reported by jenkins · Published November 15, 2022
Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Risk Scores
CVSS 3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins project | Jenkins JAPEX Plugin | unspecified, next of 1.7 |
| Jenkins project | Jenkins JAPEX Plugin | unspecified, *, unspecified |
Timeline
- Nov 15, 2022 CVE Published
- Apr 30, 2025 CVE Updated