CVE-2022-30972

Name of the Vulnerable Software and Affected Versions Jenkins Storable Configs Plugin versions 1.0 and earlier

Description A cross-site request forgery (CSRF) vulnerability allows attackers to have Jenkins parse a local XML file, such as archived artifacts, that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.

Recommendations For Jenkins Storable Configs Plugin versions 1.0 and earlier, update to a version later than 1.0 to resolve the issue. As a temporary workaround, consider restricting access to local XML files that use external entities to minimize the risk of exploitation.