First published: Tue Feb 15 2022
Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Credit: jenkinsci-cert@googlegroups.com
Affected Software | Affected Version | How to fix |
---|---|---|
Jenkins Chef Sinatra Plugin | <= 1.20 | Update to 1.21 or later |
CVE-2022-25209 is classified as a medium severity vulnerability. An XML parser that resolves external entities lets whoever controls the parsed XML read files the Jenkins process can access and make server-side requests from the controller; XXE by itself is information disclosure and SSRF, not code execution.
To fix CVE-2022-25209, update Jenkins Chef Sinatra Plugin to version 1.21 or later and confirm the installed version on the Jenkins plugin management page.
CVE-2022-25209 is caused by the Jenkins Chef Sinatra Plugin not configuring its XML parser to reject DOCTYPE declarations and external entity resolution, so a crafted XML document it parses can pull in external entities. Versions 1.20 and earlier are affected.
No public exploit for CVE-2022-25209 is documented, but XXE is simple to trigger once an attacker can influence the XML the plugin parses, so unpatched installations remain exposed.
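The following is an added illustration of the class of misconfiguration this advisory describes; it is not code from the Chef Sinatra Plugin or the Jenkins project. It parses a constructed XXE probe with a default JAXP DocumentBuilderFactory (the kind of parser setup that leaves a plugin open to XXE) and then with a hardened factory that rejects DOCTYPE declarations and external entities. The payload, the file path it references, and the class and method names are assumptions made for the example.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.SAXParseException;

public class XxeDemo {
    // Constructed XXE probe (not from any real report). An attacker would point the
    // SYSTEM entity at a sensitive file on the controller or at an internal URL (SSRF).
    static final String PAYLOAD =
        "<?xml version=\"1.0\"?>\n" +
        "<!DOCTYPE report [<!ENTITY xxe SYSTEM \"file:///etc/hostname\">]>\n" +
        "<report><node>&xxe;</node></report>";

    // Default JAXP configuration: DTDs are processed and external entities resolved.
    static DocumentBuilder unsafeBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        return f.newDocumentBuilder();
    }

    // Hardened configuration: reject DOCTYPE outright (which alone stops XXE), and as
    // defence in depth disable external entities, external DTD loading and XInclude.
    static DocumentBuilder safeBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        // JAXP 1.5 properties: forbid any external DTD or schema access by protocol.
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        return f.newDocumentBuilder();
    }

    // Parse the probe and return the text of <node>, i.e. whatever the entity expanded to.
    static String parseNode(DocumentBuilder b) throws Exception {
        Document d = b.parse(new ByteArrayInputStream(PAYLOAD.getBytes(StandardCharsets.UTF_8)));
        return d.getElementsByTagName("node").item(0).getTextContent();
    }

    public static void main(String[] args) throws Exception {
        // Unsafe: the parser dereferences the SYSTEM entity, so the referenced file's
        // contents land in the document tree (or an I/O error reveals that it was tried).
        try {
            System.out.println("unsafe parser returned: " + parseNode(unsafeBuilder()));
        } catch (java.io.IOException e) {
            System.out.println("unsafe parser attempted to fetch the entity: " + e.getMessage());
        }
        // Safe: the DOCTYPE is rejected before any entity can be resolved.
        try {
            parseNode(safeBuilder());
            System.out.println("unexpected: hardened parser accepted a DOCTYPE");
        } catch (SAXParseException e) {
            System.out.println("hardened parser rejected input: " + e.getMessage());
        }
    }
}
```

The check that matters is the first `setFeature` call: once `disallow-doctype-decl` is true, no entity declaration can be parsed at all, so the remaining features only matter for code paths that must accept a DTD. In a Jenkins plugin, the equivalent is to route every parse through a factory configured this way (Jenkins core ships hardened helpers in `jenkins.util.xml.XMLUtils` for this purpose) rather than calling `DocumentBuilderFactory.newInstance()` with defaults.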