Description
Jenkins Visual Studio Code Metrics Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Remediation
References
https://www.jenkins.io/security/advisory/2023-03-21/#SECURITY-2926
Related Vulnerabilities
CVE-2020-1940 Vulnerability in maven package org.apache.jackrabbit:oak-core
CVE-2023-30520 Vulnerability in maven package org.jenkins-ci.plugins:quayio-trigger
CVE-2023-42277 Vulnerability in maven package cn.hutool:hutool-core
CVE-2015-5171 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-common
CVE-2023-40014 Vulnerability in maven package org.webjars.npm:openzeppelin__contracts-upgradeable