Description

Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/11/04/6

https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2145

Related Vulnerabilities

CVE-2020-28278 Vulnerability in maven package org.webjars.npm:shvl

CVE-2022-46907 Vulnerability in maven package org.apache.jspwiki:jspwiki-war

CVE-2022-24717 Vulnerability in npm package @finastra/ssr-pages

CVE-2021-21266 Vulnerability in maven package org.openhab.addons.bundles:org.openhab.binding.tellstick

CVE-2022-24721 Vulnerability in maven package org.cometd.java:cometd-java-oort

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory NVD-CWE-noinfo