2725 matches found
Xxe
Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2020-2324
Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2020-2324
The CVE-2020-2324 issue affects Jenkins CVS Plugin versions 2.16 and earlier. The root cause is that the plugin’s XML parser does not disable XML External Entity (XXE) processing, enabling an attacker who can control an agent process to have Jenkins parse a crafted changelog file that can exfiltr...
Xxe
A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could allow an authenticated remote user to inject arbitrary XML code and obtain disclosure of confidential data, denial of service, server...
CVE-2020-7572
A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could allow an authenticated remote user to inject arbitrary XML code and obtain disclosure of confidential data, denial of service, server...
dom4j: XML External Entity vulnerability in default SAX parser
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j...
CVE-2020-2315
Jenkins Visualworks Store Plugin 1.1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2020-2304
Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2020-2305
Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
Xxe
Jenkins Visualworks Store Plugin 1.1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
Xxe
Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
Xxe
Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2020-2315
The CVE-2020-2315 issue affects Jenkins Visualworks Store Plugin versions 1.1.3 and earlier. The root cause is that the plugin’s XML parser does not disable XML External Entity (XXE) processing, enabling crafted XML to potentially reveal secrets from the Jenkins controller or facilitate SSRF-like...
CVE-2020-2305
CVE-2020-2305 affects the Jenkins Mercurial Plugin (versions 2.11 and earlier), where the XML parser was not configured to prevent XML external entity (XXE) attacks. The issue allows an attacker who can control an agent process to cause the Jenkins changelog parser to process external entiti...
CVE-2020-2304
CVE-2020-2304 affects Jenkins Subversion Plugin
PT-2020-15535 · Jenkins · Jenkins Mercurial Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Mercurial Plugin versions 2.11 and earlier; Jenkins Mercurial Plugin versions prior to 2.12; Jenkins Mercurial Plugin versions prior to 2.10.1; Jenkins Mercurial Plugin versions prior to 2.9.1; Jenkins Mercurial Plugin versions prior to...