XML External Entity processing vulnerability in Jenkins Black Duck Hub Plugin

2022-05-1403:13:12

Google

osv.dev

jenkins

black duck hub

plugin

xml

vulnerability

postbuildscandescriptor

attackers

overall/read permission

entities

document

software

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

28.4%

JSON

A XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make Jenkins process XML eternal entities in an XML document.