3 matches found
CVE-2023-28680
Jenkins Crap4J Plugin 0.9 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2023-28680
CVE-2023-28680 affects Jenkins Crap4J Plugin 0.9 and earlier. The vulnerability arises because the XML parser is not configured to prevent XML external entity (XXE) attacks, enabling crafted Crap Report files to cause XML parsing that can exfiltrate secrets or enable SSRF. Public sources indicate...
CVE-2023-28680
Jenkins Crap4J Plugin 0.9 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...