CVE-2022-41226: Improper Restriction of XML External Entity Reference
Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
References
- github.com/advisories/GHSA-g43x-pcc9-f472
- github.com/jenkinsci/compuware-common-configuration-plugin/commit/351a46798cdc10479cb6966f05a51bc2174806a0
- github.com/jenkinsci/compuware-common-configuration-plugin/commit/8410fd5e0a619200f5bc2e906ecba940e8506436
- github.com/jenkinsci/compuware-common-configuration-plugin/pull/24
- nvd.nist.gov/vuln/detail/CVE-2022-41226
- www.jenkins.io/security/advisory/2022-09-21/