7.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-27201

GHSA ID

GHSA-x3m3-g8w6-mf28

EPSS Score

0.70051%

CWE

CWE-611

Published

3/16/2022

Updated

2/2/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-27201

CVE-2022-27201: Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin

Jenkins Semantic Versioning Plugin defines a controller/agent message that processes a given file as XML and returns version information. The XML parser is not configured to prevent XML external entity (XXE) attacks, which is only a problem if XML documents are parsed on the Jenkins controller.

Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of a controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.

This vulnerability is only exploitable in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. See the LTS upgrade guide.

(GitHub Advisory)

7.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-27201

GHSA ID

GHSA-x3m3-g8w6-mf28

EPSS Score

0.70051%

CWE

CWE-611

Published

3/16/2022

Updated

2/2/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jenkins-ci.plugins:semantic-versioning-plugin	maven	< 1.14	1.14

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from two key flaws: 1) Unsafe XML parsing configuration (CWE-611) in file processing functions, and 2) Improper access control (CWE-918) in controller/agent message handling. The first vulnerable function handles XML parsing without disabling DTDs/external entities. The second enables agent-to-controller command execution without proper validation. The advisory specifically mentions these components through its description of unrestricted message execution and XML processing vulnerabilities.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

J*nkins S*m*nti* V*rsionin* Plu*in ***in*s * *ontroll*r/***nt m*ss*** t**t pro**ss*s * *iv*n *il* *s XML *n* r*turns v*rsion in*orm*tion. T** XML p*rs*r is not *on*i*ur** to pr*v*nt XML *xt*rn*l *ntity (XX*) *tt**ks, w*i** is only * pro*l*m i* XML *o

Reasoning

T** vuln*r**ility st*ms *rom two k*y *l*ws: *) Uns*** XML p*rsin* *on*i*ur*tion (*W*-***) in *il* pro**ssin* *un*tions, *n* *) Improp*r ****ss *ontrol (*W*-***) in *ontroll*r/***nt m*ss*** **n*lin*. T** *irst vuln*r**l* *un*tion **n*l*s XML p*rsin* w

7.1

Basic Information

Concerned about an active attack path?

CVE-2022-27201: Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin

7.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI