Total: 998 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-25209 | 1 Jenkins | 1 Chef Sinatra | 2023-11-03 | 6.5 MEDIUM | 8.8 HIGH |
Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2022-28154 | 1 Jenkins | 1 Coverage/complexity Scatter Plot | 2023-11-03 | 5.5 MEDIUM | 8.1 HIGH |
Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2022-28155 | 1 Jenkins | 1 Pipeline\ | 2023-11-03 | 5.5 MEDIUM | 8.1 HIGH |
Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2023-24429 | 1 Jenkins | 1 Semantic Versioning | 2023-11-03 | N/A | 9.8 CRITICAL |
Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of a controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. | |||||
CVE-2023-24430 | 1 Jenkins | 1 Semantic Versioning | 2023-11-03 | N/A | 9.8 CRITICAL |
Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2022-43415 | 1 Jenkins | 1 Repo | 2023-11-01 | N/A | 7.5 HIGH |
Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2022-41226 | 1 Jenkins | 1 Compuware Common Configuration | 2023-11-01 | N/A | 9.8 CRITICAL |
Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2022-41241 | 1 Jenkins | 1 Rqm | 2023-11-01 | N/A | 9.1 CRITICAL |
Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2022-45395 | 1 Jenkins | 1 Cccc | 2023-11-01 | N/A | 9.8 CRITICAL |
Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2022-45400 | 1 Jenkins | 1 Japex | 2023-11-01 | N/A | 9.8 CRITICAL |
Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2022-45397 | 1 Jenkins | 1 Osf Builder Suite \ | 2023-11-01 | N/A | 9.8 CRITICAL |
Jenkins OSF Builder Suite :: XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2022-45396 | 1 Jenkins | 1 Sourcemonitor | 2023-11-01 | N/A | 9.8 CRITICAL |
Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2022-45386 | 1 Jenkins | 1 Violations | 2023-11-01 | N/A | 5.5 MEDIUM |
Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2023-43624 | 1 Omron | 1 Cx-designer | 2023-11-01 | N/A | 5.5 MEDIUM |
CX-Designer Ver.3.740 and earlier (included in CX-One CXONE-AL[][]D-V4) contains an improper restriction of XML external entity reference (XXE) vulnerability. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Designer is installed may be disclosed. | |||||
CVE-2023-43067 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2023-10-28 | N/A | 6.5 MEDIUM |
Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack could potentially exploit this vulnerability disclosing local files in the file system. | |||||
CVE-2023-3823 | 3 Debian, Fedoraproject, Php | 3 Debian Linux, Fedora, Php | 2023-10-27 | N/A | 7.5 HIGH |
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling the appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, change that global state for their internal purposes, and leave it in a state where external entity loading is enabled. This can lead to a situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down. | |||||
CVE-2021-21672 | 1 Jenkins | 1 Selenium Html Report | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2021-21642 | 1 Jenkins | 1 Config File Provider | 2023-10-25 | 5.5 MEDIUM | 8.1 HIGH |
Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2020-2324 | 1 Jenkins | 1 Cvs | 2023-10-25 | 5.0 MEDIUM | 7.5 HIGH |
Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2020-2284 | 1 Jenkins | 1 Liquibase Runner | 2023-10-25 | 5.5 MEDIUM | 7.1 HIGH |
Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |