2 matches found
com.groupon.jenkins-ci.plugins:DotCi-Plugins-Starter-Pack (>=1.7.2 <=1.8.2), com.groupon.jenkins.plugins:DotCi-Plugins-Starter-Pack (>=1.0.0 <=1.7.1) +2 more potentially affected by CVE-2018-1000011 via org.jvnet.hudson.plugins.findbugs:library (>=1.3.9 <=4.0.0)
org.jvnet.hudson.plugins.findbugs:library MAVEN version =1.3.9, =1.7.2, =1.0.0, =1.0.0, =4.3, =5.0.0-beta3 Source cves: CVE-2018-1000011 Source advisory: OSV:GHSA-PR9H-G7P7-RRQH...
CVE-2018-1000011
The CVE-2018-1000011 issue affects Jenkins FindBugs Plugin (version 4.71 and earlier). The root cause is XML External Entity (XXE) processing in files parsed during builds, enabling attackers with Jenkins user permissions to extract secrets from the Jenkins master, perform server-side request for...