4 matches found
CVE-2023-28683
Jenkins Phabricator Differential Plugin 2.1.5 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2023-28683
Jenkins Phabricator Differential Plugin 2.1.5 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2023-28683
CVE-2023-28683 — Jenkins Phabricator Differential Plugin : Affected plugin versions 2.1.5 and earlier fail to configure the XML parser to prevent XML external entity (XXE) attacks. This enables attackers who can influence the coverage report file contents for the ‘Post to Phabricator’ post-build ...
PT-2023-21902 · Jenkins · Jenkins Phabricator Differential Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Phabricator Differential Plugin versions 2.1.5 and earlier Description: The issue is related to the configuration of the XML parser, which does not prevent XML external entity XXE attacks. This allows attackers who can control coverag...