7 matches found

RedhatCVE
added 2025/05/23 3:37 a.m. · 6 views

CVE-2023-28680

Jenkins Crap4J Plugin 0.9 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

7.5 CVSS · 6.7 AI score · 0.01424 EPSS
Exploits 0 · References 1

OSV
added 2023/04/02 9:15 p.m. · 1 views

CVE-2023-28680

Jenkins Crap4J Plugin 0.9 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

7.5 CVSS · 7.1 AI score
Exploits 0 · References 1

CVE
added 2023/03/23 11:26 a.m. · 241 views

CVE-2023-28680

CVE-2023-28680 affects Jenkins Crap4J Plugin 0.9 and earlier. The vulnerability arises because the XML parser is not configured to prevent XML external entity (XXE) attacks, enabling crafted Crap Report files to cause XML parsing that can exfiltrate secrets or enable SSRF. Public sources indicate...

7.5 CVSS · 7.4 AI score · 0.01424 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2023/03/23 11:26 a.m. · 7 views

CVE-2023-28680

Jenkins Crap4J Plugin 0.9 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

7.5 AI score · 0.01424 EPSS
Exploits 0 · References 1

Cvelist
added 2023/03/23 11:26 a.m. · 14 views

CVE-2023-28680

Jenkins Crap4J Plugin 0.9 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

7.9 AI score · 0.01424 EPSS
Exploits 0 · References 1

CNNVD
added 2023/03/23 12:0 a.m. · 1 views

Jenkins Plugins Crap4J code issue vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

7.5 CVSS · 7.4 AI score · 0.01424 EPSS
Exploits 0 · References 4

Positive Technologies
added 2023/03/23 12:0 a.m. · 2 views

PT-2023-21899 · Jenkins · Jenkins Crap4J Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Crap4J Plugin versions 0.9 and earlier

Description: The issue is related to the configuration of the XML parser, which does not prevent XML external entity (XXE) attacks. This allows attackers who can control Crap Report file contents t...

7.5 CVSS · 7.2 AI score · 0.01424 EPSS
Exploits 0 · References 5