High severity · NVD Advisory · Published Sep 21, 2022 · Updated May 28, 2025
CVE-2022-41226
Description
Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.compuware.jenkins:compuware-common-configuration (Maven) | < 1.0.15 | 1.0.15 |
Affected products
- Range: unspecified
References
- github.com/advisories/GHSA-g43x-pcc9-f472 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-41226 (ghsa, ADVISORY)
- github.com/jenkinsci/compuware-common-configuration-plugin/commit/351a46798cdc10479cb6966f05a51bc2174806a0 (ghsa, WEB)
- github.com/jenkinsci/compuware-common-configuration-plugin/commit/8410fd5e0a619200f5bc2e906ecba940e8506436 (ghsa, WEB)
- github.com/jenkinsci/compuware-common-configuration-plugin/commit/a92f1fba5ab375cfcceed92a16666a4c709e0f3b (ghsa, WEB)
- github.com/jenkinsci/compuware-common-configuration-plugin/pull/24 (ghsa, WEB)
- www.jenkins.io/security/advisory/2022-09-21/ (ghsa, x_refsource_CONFIRM, WEB)
News mentions
- Jenkins Security Advisory 2022-09-21 · Jenkins Security Advisories · Sep 21, 2022