XXE vulnerability in Jenkins Android Lint Plugin

2022-05-1403:40:06

Google

osv.dev

jenkins

android lint

xxe vulnerability

xml external entities

server-side request forgery

denial-of-service attacks

security issue

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

42.8%

JSON

Jenkins Android Lint Plugin 2.5 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.