CVE-2022-45397

Name of the Vulnerable Software and Affected Versions Jenkins OSF Builder Suite : : XML Linter Plugin versions 1.0.2 and earlier

Description The issue arises from the XML parser not being configured to prevent XML external entity (XXE) attacks. This allows attackers who can control XML files processed by the 'OSF Builder Suite : : XML Linter' build step to craft files that use external entities, potentially leading to the extraction of secrets from the Jenkins agent or server-side request forgery. The impact of this issue is limited to specific circumstances where attackers can control XML files but cannot modify build steps, Jenkinsfiles, or test code executed on the agents.

Recommendations For versions 1.0.2 and earlier, consider configuring the XML parser to prevent XML external entity (XXE) attacks as a mitigation measure. Restrict access to the XML Linter build step to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.