December 3, 2023
Severity High Analysis Summary A new and sophisticated Android malware, named FjordPhantom, has been disclosed by cybersecurity researchers. The malware targets users in Southeast Asian countries, […]
Rewterz Threat Advisory – CVE-2022-45385 – Jenkins CloudBees Docker Hub/Registry Notification Plugin Vulnerability
November 16, 2022Rewterz Threat Advisory – CVE-2022-45387 – Jenkins BART Plugin Vulnerability
November 16, 2022Rewterz Threat Advisory – CVE-2022-45385 – Jenkins CloudBees Docker Hub/Registry Notification Plugin Vulnerability
November 16, 2022Rewterz Threat Advisory – CVE-2022-45387 – Jenkins BART Plugin Vulnerability
November 16, 2022
Severity
Medium
Analysis Summary
CVE-2022-45386
Jenkins Script Security Plugin could allow a remote authenticated attacker to obtain sensitive information, caused by improper handling of XML external entity (XXE) declarations by the XML parser. By using a specially-crafted XML content, a remote attacker could exploit this vulnerability to extract secrets from the Jenkins agent or perform server-side request forgery attacks.
Impact
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2022-45386
Affected Vendors
Jenkins
Affected Products
Jenkins Violations Plugin 0.7.11
Remediation
Refer to Jenkins Security Advisory for patch, upgrade or suggested workaround information.