CVE-2020-2298
CVE-2020-2298 affects Jenkins Nerrvana Plugin versions 1.02.06 and earlier. The root cause is that the plugin’s XML parser is not configured to prevent XML external entity (XXE) attacks. Impact described across sources includes potential exposure of secrets via crafted XML data parsed by Jenkins,...