113 matches found
Xxe
Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
Xxe
Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2022-45396
Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2022-45397
Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
Jenkins RQM Plugin 代码问题漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A code issue vulnerabilit...
Security Bulletin: IBM Tivoli Network Manager is vulnerable to XML external entity (XEE) attacks due to FasterXML (CVE-2020-25649)
Summary FasterXML Jackson Databind, used by IBM Tioli Network Manager,contains a flaw where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity XXE attacks. The highest threat from this vulnerability is data integrity. The library has been...
Xxe
Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2022-30971
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
Improper Restriction of XML External Entity Reference in Jelly
During Jelly xml file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. This could lead to XML External Entity XXE...
Software AG MashZone NextGen 代码问题漏洞
Software AG MashZone NextGen is a software from Software AG, Germany. It is used to visualize data interactively. A security vulnerability exists in Software AG MashZone NextGen version 10.7 and earlier versions, which stems from the "Register an Ehcache Configuration File" administrative feature...
CVE-2022-28155
Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
PT-2022-18854 · Jenkins · Jenkins Pipeline: Phoenix Autotest Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Phoenix AutoTest Plugin versions 1.3 and earlier Description: The issue is related to the Phoenix AutoTest Plugin not configuring its XML parser to prevent XML external entity XXE attacks. This allows attackers who can contr...
CVE-2021-46365
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file...
Knime Analytics Platform 代码问题漏洞
Knime Analytics Platform is a free open source data analysis, reporting and integration platform from the Swiss company Knime.KNIME Analytics Platform versions prior to 4.5.0 contain a code issue vulnerability that can be exploited by attackers to conduct XXE attacks via crafted workflow files...
CVE-2021-43577
Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2021-21701
Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
Security Bulletin: IBM Event Streams is affected by potential data integrity issue (CVE-2020-25649)
Summary IBM Event Streams is potentially vulnerable to a data integrity issue Vulnerability Details CVEID: CVE-2020-25649 DESCRIPTION: FasterXML Jackson Databind could provide weaker than expected security, caused by not having entity expansion secured properly. A remote attacker could exploit th...
Security Bulletin: IBM Cloud Private is vulnerable to FasterXML jackson-databind vulnerabilities (CVE-2020-25649)
Summary IBM Cloud Private is vulnerable to FasterXML jackson-databind vulnerabilities Vulnerability Details CVEID: CVE-2020-25649 DESCRIPTION: FasterXML Jackson Databind could provide weaker than expected security, caused by not having entity expansion secured properly. A remote attacker could...
CVE-2021-21642
Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity XXE attacks. The highest threat from this vulnerability is data integrity...