2 matches found
org.jenkins-ci.plugins:influxdb (>=1.3 <=1.12.3) potentially affected by CVE-2020-2092 via org.jenkins-ci.plugins:robot (=1.6.0)
org.jenkins-ci.plugins:robot MAVEN version =1.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:robot and may be impacted: - org.jenkins-ci.plugins:influxdb =1.3, =1.12.3 Source cves: CVE-2020-2092 Source advisory:...
CVE-2020-2092
CVE-2020-2092 affects Jenkins Robot Framework Plugin (versions ≤ 2.0.0). The issue is that the XML parser is not configured to prevent XML External Entity (XXE) attacks, enabling users with Job/Configure to submit crafted XML documents that may expose secrets, enable SSRF, or cause denial of serv...