CVE-2022-34793 org.jenkins-ci.plugins:recipe

Package

Manager: maven
Name: org.jenkins-ci.plugins:recipe
Vulnerable Version: >=0 <=1.2

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.01848 (percentile 0.82364)

Details

XML External Entity Reference in Jenkins Recipe Plugin

Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Metadata

Created: 2022-07-01T00:01:07Z
Modified: 2022-12-12T19:43:42Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-rm23-6mwv-8q9q/GHSA-rm23-6mwv-8q9q.json
CWE IDs: ["CWE-611"]
Alternative ID: GHSA-rm23-6mwv-8q9q
Finding: F083
Auto approve: 1