Description
Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Remediation
References
https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2805