Skip to main content

Plot

2 CVEs product

Monthly

CVE-2022-46682 Maven CRITICAL PATCH Act Now

Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Plot
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-34783 Maven MEDIUM PATCH This Month

Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Plot
NVD
CVSS 3.1
5.4
EPSS
80.4%
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Plot
NVD
EPSS 80% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Plot
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy