CVE-2023-28681

CVE-2023-28681 affects Jenkins Visual Studio Code Metrics Plugin 1.7 and earlier. The vulnerability arises because the plugin’s XML parser is not configured to prevent XML external entity (XXE) attacks, which can allow an attacker to cause the Jenkins controller/server-side processing to reveal s...

CVE-2023-28681

Jenkins Visual Studio Code Metrics Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2023-28681

Jenkins Visual Studio Code Metrics Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

PT-2023-21900 · Jenkins · Jenkins Visual Studio Code Metrics Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Visual Studio Code Metrics Plugin versions 1.7 and earlier Description: The issue is related to the XML parser not being configured to prevent XML external entity XXE attacks. This allows attackers who can control VS Code Metrics File...