Description
Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Remediation
References
https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2000
Related Vulnerabilities
CVE-2021-34538 Vulnerability in maven package org.apache.hive:hive
CVE-2017-5645 Vulnerability in maven package org.apache.logging.log4j:log4j-core
CVE-2021-34435 Vulnerability in npm package @theia/mini-browser
CVE-2023-1108 Vulnerability in maven package io.undertow:undertow-core
CVE-2022-26477 Vulnerability in maven package org.apache.systemds:systemds