PT-2020-15355 · Jenkins · Jenkins Rundeck Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Rundeck Plugin versions 3.6.6 and earlier Description: The issue allows a user with Overall/Read access to have Jenkins parse a crafted HTTP request with XML data that uses external entities for extraction of secrets from the Jenkins...