Jenkins Pipeline: Phoenix Autotest — known CVE vulnerabilities
Every CVE whose affected-product data names Jenkins Pipeline: Phoenix Autotest, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2022-28155 — CVSS 8.1 (high): Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2022-28156 — CVSS 6.5 (medium): Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to copy arbitrary files and…
CVE-2022-28157 — CVSS 6.5 (medium): Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to upload arbitrary files from…
CVE-2022-28158 — CVSS 6.5 (medium): A missing permission check in Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Overall/Read permission to…