Описание
Job Configuration History Plugin's path traversal allows exploiting XXE vulnerability
Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Пакеты
Наименование
org.jenkins-ci.plugins:jobConfigHistory
maven
Затронутые версииВерсия исправления
< 1229.v3039470161a
1229.v3039470161a_d
Связанные уязвимости
CVSS3: 8.8
nvd
больше 2 лет назад
Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.