CVE-2022-28140: XEE
First published: Tue Mar 29 2022(Updated: )
Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins Flaky Test Handler | <=1.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-28140?
CVE-2022-28140 is a vulnerability in Jenkins Flaky Test Handler Plugin 1.2.1 and earlier that allows XML external entity (XXE) attacks.
How does CVE-2022-28140 impact Jenkins Flaky Test Handler Plugin?
CVE-2022-28140 allows XML external entity (XXE) attacks on Jenkins Flaky Test Handler Plugin 1.2.1 and earlier.
What is the severity of CVE-2022-28140?
CVE-2022-28140 has a severity of 8.1 (high).
How can I fix CVE-2022-28140 in Jenkins Flaky Test Handler Plugin?
To fix CVE-2022-28140, upgrade Jenkins Flaky Test Handler Plugin to a version later than 1.2.1.
Where can I find more information about CVE-2022-28140?
You can find more information about CVE-2022-28140 in the references section of the Jenkins security advisory and the Openwall mailing list.
- collector/nvd-index
- collector/nvd-api
- vendor/jenkins
- canonical/jenkins flaky test handler
- version/jenkins flaky test handler/1.2.1