2 matches found
GHSA-4598-WCG8-X56G XML External Entity Reference in Jenkins Violations Plugin
Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control XML input files for the 'Report Violations' post-build step to have agent processes parse a crafted file that uses external entities for extraction o...
PT-2022-27488 · Jenkins · Jenkins Violations Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Violations Plugin versions 0.7.11 and earlier
Description: The issue arises from the Jenkins Violations Plugin not configuring its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control XML input files...