2 matches found
CVE-2023-24429
Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses externa...
CVE-2023-24429
CVE-2023-24429 affects Jenkins Plugin: Semantic Versioning Plugin (versions ≤ 1.14). Root cause: XML parsing of a crafted controller/agent message that allows XML external entity (XXE) processing, enabling exfiltration of secrets from the Jenkins controller or triggering server-side requests. Imp...