Description
Jenkins DRY Plugin 2.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
Remediation
References
https://jenkins.io/security/advisory/2018-01-22/
Related Vulnerabilities
CVE-2023-25753 Vulnerability in maven package org.apache.shenyu:shenyu-admin
CVE-2022-34799 Vulnerability in maven package org.jenkins-ci.plugins:ec2-deployment-dashboard
CVE-2018-6341 Vulnerability in npm package react-dom
CVE-2014-0050 Vulnerability in maven package org.apache.jackrabbit:oak-run
CVE-2022-43424 Vulnerability in maven package com.compuware.jenkins:compuware-xpediter-code-coverage