Описание
Jenkins remote-jobs-view-plugin vulnerable to XML external entity attacks
Jenkins remote-jobs-view-plugin Plugin 0.0.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
This allows authenticated attackers with Overall/Read permission to have Jenkins parse a crafted XML document that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
Пакеты
Наименование
com.sap.jenkinsci:remote-jobs-view-plugin
maven
Затронутые версииВерсия исправления
<= 0.0.3
Отсутствует
Связанные уязвимости
CVSS3: 6.5
nvd
почти 3 года назад
Jenkins remote-jobs-view-plugin Plugin 0.0.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.