Maven package
net.praqma/rqm-plugin
pkg:maven/net.praqma/rqm-plugin
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-41241 | — | | | <= 2.8 | — | Sep 21, 2022 | Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2022-34810 | — | | | <= 2.8 | — | Jun 30, 2022 | A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
| CVE-2022-34809 | — | | | <= 2.8 | — | Jun 30, 2022 | Jenkins RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. |