2 matches found
GHSA-PPV9-V43C-XQPP XXE vulnerability in Jenkins pom2config Plugin
Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins...
Jenkins Matrix Authorization Strategy Access Control Error Vulnerability
Jenkins Matrix Authorization Strategy is a Jenkins open source application plugin . The plug-in in Jenkins to achieve fine-grained access control . An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permissions to nested...