PT-2022-25757 · Jenkins · Jenkins Rqm Plugin

Kevin Guerroudj · Published 2022-09-21 · Updated 2025-05-28 · CVE-2022-41241

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Jenkins RQM Plugin versions 2.8 and earlier
Description: Jenkins RQM Plugin versions 2.8 and earlier do not configure their XML parser to prevent XML external entity (XXE) attacks. An attacker who can supply crafted API responses can make Jenkins parse an XML document that uses external entities, which can be used to extract secrets from the Jenkins controller or to perform server-side request forgery.
Recommendations: For Jenkins RQM Plugin versions 2.8 and earlier there is currently no information about a newer version that contains a fix for this vulnerability.
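The weakness described above is a JAXP parser left at its defaults. The following added example (not code from the RQM plugin or from Jenkins) contrasts an unhardened DocumentBuilder with one configured to reject DOCTYPE declarations and external entities; the class, method names and the two sample response bodies are constructed for illustration.

```java
import java.io.IOException;
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

public class HardenedXmlParser {

    // Default JAXP settings: DTDs are processed and external entities may be
    // resolved. This is the unconfigured state the advisory describes.
    static DocumentBuilder unhardenedBuilder() throws ParserConfigurationException {
        return DocumentBuilderFactory.newInstance().newDocumentBuilder();
    }

    // Hardened settings: refusing any DOCTYPE removes the entity mechanism
    // entirely; the remaining features are defence in depth for parsers that
    // do not honour disallow-doctype-decl.
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    // Parses the body of a response from a remote server with the hardened
    // builder. Returns null when the parser rejects the document.
    static Document parseApiResponse(String body) throws ParserConfigurationException {
        try {
            return hardenedBuilder().parse(new InputSource(new StringReader(body)));
        } catch (SAXException | IOException e) {
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples: a plain response and one that declares a DTD
        // with an external entity (placeholder URI, not a real target).
        String plain = "<response><item id=\"1\"/></response>";
        String withDoctype = "<!DOCTYPE r [<!ENTITY x SYSTEM \"file:///placeholder\">]><r>&x;</r>";
        System.out.println("plain accepted:   " + (parseApiResponse(plain) != null));
        System.out.println("doctype accepted: " + (parseApiResponse(withDoctype) != null));
    }
}
```

With the hardened builder the second document is rejected at the DOCTYPE, so no entity is ever resolved; with the unhardened builder the same input would be accepted and the entity expanded.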

XXE

Weakness Enumeration

Related Identifiers

CVE-2022-41241
GHSA-J8XR-2279-88QJ

Affected Products

Jenkins
Jenkins Rqm Plugin