5 matches found
Advisory ROSA-SA-2021-1819
Software: cvs 1.11.23 OS: Cobalt 7.9 CVE-ID: CVE-2020-2324 CVE-Crit: HIGH CVE-DESC: The Jenkins CVS 2.16 and earlier plug-in does not configure its XML syntactic parser to prevent attacks on XML external objects XXE. CVE-STATUS: default CVE-REV: default...
CVE-2020-2324
creationtimestamp| type| source ---|---|--- 2020-12-03 18:25:15+00:00| seen| https://t.me/cibsecurity/17090...
CVE-2020-2324
Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2020-2324
The CVE-2020-2324 issue affects Jenkins CVS Plugin versions 2.16 and earlier. The root cause is that the plugin’s XML parser does not disable XML External Entity (XXE) processing, enabling an attacker who can control an agent process to have Jenkins parse a crafted changelog file that can exfiltr...
CVE-2020-2324
Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...