2 matches found
CVE-2020-2108
Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions...
CVE-2020-2108
CVE-2020-2108 affects Jenkins WebSphere Deployer Plugin 1.6.1 and earlier. The root cause is the XML parser not configured to disable XML External Entity (XXE) processing, allowing XXE exploitation. An attacker with Job/Configure permissions can upload a specially crafted WAR containing WEB-INF/i...