Description
Jenkins Visual Studio Code Metrics Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Remediation
References
https://www.jenkins.io/security/advisory/2023-03-21/#SECURITY-2926
Related Vulnerabilities
CVE-2019-1003088 Vulnerability in maven package egor-n:fabric-beta-publisher
CVE-2022-36944 Vulnerability in maven package org.scala-lang:scala-library
CVE-2021-21342 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2016-8749 Vulnerability in maven package org.apache.camel:camel-jacksonxml