A cross-site request forgery (CSRF) vulnerability in Jenkins Storable Configs Plugin 1.0 and earlier allows attackers to have Jenkins parse a local XML file (e.g., archived artifacts) that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: jenkins
Published: 2022-05-17T14:06:59
Updated: 2024-08-03T07:03:40.143Z
Reserved: 2022-05-16T00:00:00
Link: CVE-2022-30972
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-05-17T15:15:11.477
Modified: 2023-11-03T18:17:11.743
Link: CVE-2022-30972
Redhat
No data.