Description
Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Remediation
References
https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-1377
Related Vulnerabilities
CVE-2017-7661 Vulnerability in maven package org.apache.cxf.fediz:fediz-jetty8
CVE-2022-42467 Vulnerability in maven package org.apache.isis.core:isis-core-config
CVE-2019-17558 Vulnerability in maven package org.apache.solr:solr-velocity
CVE-2012-4529 Vulnerability in maven package org.jboss.as:jboss-as-web
CVE-2023-33007 Vulnerability in maven package org.jenkins-ci.plugins:loadcomplete