Home

CVE-2022-28140

Description

Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Risk Information

Base Score
8.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
1.204

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2022-28140 are fixed in Jenkins - flaky-test-handler 1.2.2Windows
Vulnerabilities CVE-2022-28140 are fixed in Jenkins - flaky-test-handler for Linux 1.2.2Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234