Description
Jenkins PMD Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
Remediation
References
http://www.securityfocus.com/bid/102844
https://jenkins.io/security/advisory/2018-01-22/
Related Vulnerabilities
CVE-2022-28366 Vulnerability in maven package net.sourceforge.htmlunit:neko-htmlunit
CVE-2018-1327 Vulnerability in maven package org.apache.struts:struts2-rest-plugin
CVE-2022-36094 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates
CVE-2021-29060 Vulnerability in npm package color-string
CVE-2023-46493 Vulnerability in npm package @evershop/evershop