Lucene search

CVE-2020-2305

🗓️ 04 Nov 2020 15:11:15Reported by jenkinsType

Jenkins Mercurial Plugin 2.11 XML parser does not prevent XXE attack

Reporter	Title	Published	Views	Family All 25
Cvelist	CVE-2020-2305	4 Nov 202014:35	–	cvelist
NVD	CVE-2020-2305	4 Nov 202015:15	–	nvd
RedhatCVE	CVE-2020-2305	13 Jun 202105:51	–	redhatcve
Veracode	XML External Entity (XXE)	21 Jan 202108:57	–	veracode
Github Security Blog	XXE vulnerability in Jenkins Mercurial Plugin	24 May 202217:33	–	github
OSV	CVE-2020-2305	4 Nov 202015:15	–	osv
OSV	XXE vulnerability in Jenkins Mercurial Plugin	24 May 202217:33	–	osv
OSV	Red Hat Security Advisory: OpenShift Container Platform 4.4.33 packages and security update	16 Sep 202405:18	–	osv
OSV	Red Hat Security Advisory: OpenShift Container Platform 4.6.12 packages and security update	16 Sep 202405:17	–	osv
OSV	Red Hat Security Advisory: OpenShift Container Platform 4.5.27 packages and security update	18 Sep 202404:29	–	osv

Nvd

Node

jenkins mercurialRange≤2.11jenkins

[
  {
    "product": "Jenkins Mercurial Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "2.11",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "2.10.1"
      },
      {
        "status": "unaffected",
        "version": "2.9.1"
      },
      {
        "status": "unaffected",
        "version": "2.8.1"
      }
    ]
  }
]

Source	Link
jenkins	www.jenkins.io/security/advisory/2020-11-04/

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

04 Nov 2020 15:15Current

6.5Medium risk

Vulners AI Score6.5

CVSS24

CVSS36.5

EPSS0.001