CVE-2020-2108

2020-01-2916:15:12

Google

osv.dev

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.7%

JSON

Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions.

CPENameOperatorVersion
websphere-deployer-plugineqwebsphere-deployer-1.1
websphere-deployer-plugineqwebsphere-deployer-1.5.1
websphere-deployer-plugineqwebsphere-deployer-1.4.3
websphere-deployer-plugineqwebsphere-deployer-1.3.4
websphere-deployer-plugineqwebsphere-deployer-1.6.1
websphere-deployer-plugineqwebsphere-deployer-1.6.0
websphere-deployer-plugineqwebsphere-deployer-1.5.6
websphere-deployer-plugineqwebsphere-deployer-1.5.5
websphere-deployer-plugineqwebsphere-deployer-1.5.3
websphere-deployer-plugineqwebsphere-deployer-1.2

Name	Operator	Version
websphere-deployer-plugin	eq	websphere-deployer-1.1
websphere-deployer-plugin	eq	websphere-deployer-1.5.1
websphere-deployer-plugin	eq	websphere-deployer-1.4.3
websphere-deployer-plugin	eq	websphere-deployer-1.3.4
websphere-deployer-plugin	eq	websphere-deployer-1.6.1
websphere-deployer-plugin	eq	websphere-deployer-1.6.0
websphere-deployer-plugin	eq	websphere-deployer-1.5.6
websphere-deployer-plugin	eq	websphere-deployer-1.5.5
websphere-deployer-plugin	eq	websphere-deployer-1.5.3
websphere-deployer-plugin	eq	websphere-deployer-1.2