Description
Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Remediation
References
https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2805
Related Vulnerabilities
CVE-2023-49673 Vulnerability in maven package io.jenkins.plugins:neuvector-vulnerability-scanner
CVE-2022-43410 Vulnerability in maven package org.jenkins-ci.plugins:mercurial
CVE-2023-29017 Vulnerability in npm package vm2
CVE-2023-34467 Vulnerability in maven package org.xwiki.platform:xwiki-platform-livetable-ui
CVE-2011-5063 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core