CVE-2022-28140 – org.jenkins-ci.plugins:flaky-test-handler
Package
Manager: maven
Name: org.jenkins-ci.plugins:flaky-test-handler
Vulnerable Version: >=0 <1.2.2
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.09171 (percentile 0.92382)
Details
XXE vulnerability in Jenkins Flaky Test Handler Plugin.
Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Metadata
Created: 2022-03-30T00:00:25Z
Modified: 2022-05-03T20:56:05Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-v4rr-65x6-g69f/GHSA-v4rr-65x6-g69f.json
CWE IDs: ["CWE-611"]
Alternative ID: GHSA-v4rr-65x6-g69f
Finding: F083
Auto approve: 1