Lucene search
GoogleOSV:GHSA-2RH4-XGMQ-63JPHistoryMay 24, 2022 - 5:15 p.m.
XXE vulnerability in Jenkins Parasoft Findings Plugin
2022-05-2417:15:35
Google
osv.dev
6
jenkins
parasoft findings plugin
xml parser
xxe vulnerability
warnings plugin
warnings ng plugin
10.4.3
10.4.4
security issue
EPSS
0.001
Percentile
28.4%
Parasoft Findings Plugin implements a static analysis parser for various Parasoft products and integrates with Warnings Plugin (10.4.1 and earlier) and Warnings NG Plugin (10.4.2 and newer).
Parasoft Findings Plugin 10.4.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows a user able to control the input files for the Parasoft Findings parser to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
Parasoft Findings Plugin 10.4.4 disables external entity resolution for its XML parser.
Related
nvd
nvd
CVE-2020-2178
2020-04-16 19:15:28
cve
cve
CVE-2020-2178
2020-04-16 19:15:28
github
github
XXE vulnerability in Jenkins Parasoft Findings Plugin
2022-05-24 17:15:35
cvelist
cvelist
CVE-2020-2178
2020-04-16 13:35:16
osv
osv
CVE-2020-2178
2020-04-16 19:15:28
prion
prion
Xxe
2020-04-16 19:15:00
alpinelinux
alpinelinux
CVE-2020-2178
2020-04-16 19:15:28