CVE-2020-2138

Опубликовано: 09 мар. 2020

Источник: redhat

CVSS3: 5.4

Описание

Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat OpenShift Container Platform 3.11	jenkins-2-plugins	Not affected
Red Hat OpenShift Container Platform 4	jenkins-2-plugins	Not affected

Показывать по

Статус:

Moderate

Дефект:

CWE-611

https://bugzilla.redhat.com/show_bug.cgi?id=1819070jenkins-cobertura-plugin: XML parser not configured to prevent XXE attack

5.4 Medium

CVSS3

CVE-2020-2138

CVSS3: 7.1

nvd

почти 6 лет назад

Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

GHSA-vpfj-5gg5-fvfm

CVSS3: 7.1

github

больше 3 лет назад

XXE vulnerability in Jenkins Cobertura Plugin

5.4 Medium

CVSS3