CVE-2022-25209: XML Entity Expansion in Jenkins Chef Sinatra

February 16, 2022 (updated February 17, 2022)

Jenkins Chef Sinatra Plugin does not configure its XML parser to prevent XML external entity (XXE) attacks.

References

github.com/advisories/GHSA-38w8-h222-wrpp
nvd.nist.gov/vuln/detail/CVE-2022-25209
www.jenkins.io/security/advisory/2022-02-15/

Detect and mitigate CVE-2022-25209 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →