CVE-2022-41226

Improper Restriction of XML External Entity Reference in maven/com.compuware.jenkins/compuware-common-configuration

Identifiers

GHSA-g43x-pcc9-f472, CVE-2022-41226

Package Slug

maven/com.compuware.jenkins/compuware-common-configuration

Vulnerability

Improper Restriction of XML External Entity Reference

Description

Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Affected Versions

All versions up to 1.0.14

Solution

Upgrade to version 1.0.15 or above.

Last Modified

2022-09-27

source