CVE-2022-46682: Improper Restriction of XML External Entity Reference

December 12, 2022

Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

References

github.com/advisories/GHSA-wgpp-g6v9-7hxp
github.com/jenkinsci/plot-plugin/commit/4f7afbe064aab538a242a9984e583e513863e0ac
nvd.nist.gov/vuln/detail/CVE-2022-46682
www.jenkins.io/security/advisory/2022-12-07/

Code Behaviors & Features

Detect and mitigate CVE-2022-46682 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →