Description
Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents.
Remediation
References
https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1698
Related Vulnerabilities
CVE-2018-20677 Vulnerability in maven package org.webjars.bowergithub.twbs:bootstrap-sass
CVE-2018-1000193 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2019-1003039 Vulnerability in maven package org.jenkins-ci.plugins:appdynamics-dashboard
CVE-2015-7520 Vulnerability in maven package org.apache.wicket:wicket-core
CVE-2014-8110 Vulnerability in maven package org.apache.activemq:activemq-web-console