2 matches found
GHSA-HR8P-76Q8-FXWQ XXE vulnerability in Jenkins Performance Plugin
Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control workspace contents to have Jenkins parse a crafted XML report file that uses external entities for extraction of secrets from the Jenkins...
XXE vulnerability in Jenkins Performance Plugin
Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control workspace contents to have Jenkins parse a crafted XML report file that uses external entities for extraction of secrets from the Jenkins...