Skip to main content

Rqm

3 CVEs product

Monthly

CVE-2022-41241 Maven CRITICAL Act Now

Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Jenkins Rqm
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2022-34810 Maven MEDIUM This Month

A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Rqm
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-34809 Maven MEDIUM This Month

Jenkins RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Rqm
NVD
CVSS 3.1
6.5
EPSS
0.7%
EPSS 1% CVSS 9.1
CRITICAL Act Now

Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Jenkins Rqm
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Rqm
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Jenkins RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Rqm
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy