11 matches found
XML External Entity (XXE) Injection
Overview: org.jenkins-ci.plugins:jdepend (the JDepend Plugin) is a plugin to generate JDepend reports for builds. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection due to XML parsing misconfiguration. An attacker can access sensitive information or induce...
EUVD-2025-36649
Jenkins JDepend Plugin vulnerable to XML external entity attacks
Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version of JDepend Maven Plugin that does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to configure input files for the "Report JDepend" step to have Jenkins parse a crafted file...
GHSA-JFG6-4GX3-3V7W Jenkins JDepend Plugin vulnerable to XML external entity attacks
Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version of JDepend Maven Plugin that does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to configure input files for the "Report JDepend" step to have Jenkins parse a crafted file...
CVE-2025-64134
Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version of JDepend Maven Plugin that does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2025-64134
Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version of JDepend Maven Plugin that does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2025-64134
CVE-2025-64134 affects the Jenkins JDepend Plugin (versions 1.3.1 and earlier) which embeds an outdated JDepend Maven Plugin that does not configure its XML parser to prevent XML External Entity (XXE) attacks. Reports and advisories describe XXE injection via crafted files in the JDepend Report s...
CVE-2025-64134
Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version of JDepend Maven Plugin that does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2025-64134
Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version of JDepend Maven Plugin that does not configure its XML parser to prevent XML external entity (XXE) attacks...
Jenkins plugin JDepend security vulnerability
Jenkins and Jenkins plugin are both Jenkins open source products. Jenkins is application software: an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A security...
PT-2025-44283
Name of the Vulnerable Software and Affected Versions: Jenkins JDepend Plugin versions 1.3.1 and earlier. Description: The Jenkins JDepend Plugin uses an outdated version of the JDepend Maven Plugin that lacks proper configuration of its XML parser. This configuration deficiency can allow for XML...