
2729 matches found

CVE
added 2020/11/04 2:35 p.m. · 165 views

CVE-2020-2305

CVE-2020-2305 affects the Jenkins Mercurial Plugin (versions 2.11 and earlier), where the XML parser was not configured to prevent XML external entity (XXE) attacks. The issue allows an attacker who can control an agent process to cause the Jenkins changelog parser to process external entiti...

6.5 CVSS · 6.5 AI score · 0.01435 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2020/11/04 2:35 p.m. · 34 views

CVE-2020-2304

Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

6.5 AI score · 0.01466 EPSS
Exploits: 0 · References: 2
CVE
added 2020/11/04 2:35 p.m. · 182 views

CVE-2020-2304

CVE-2020-2304 affects Jenkins Subversion Plugin

6.5 CVSS · 6.4 AI score · 0.01466 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2020/11/04 12:0 a.m. · 3 views

PT-2020-15535 · Jenkins · Jenkins Mercurial Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Mercurial Plugin versions 2.11 and earlier; Jenkins Mercurial Plugin versions prior to 2.12; Jenkins Mercurial Plugin versions prior to 2.10.1; Jenkins Mercurial Plugin versions prior to 2.9.1; Jenkins Mercurial Plugin versions prior to...

6.5 CVSS · 6.5 AI score · 0.01435 EPSS
Exploits: 0 · References: 9
Tenable Nessus
added 2020/10/28 12:0 a.m. · 57 views

Amazon Linux 2 : expat (ALAS-2020-1513)

The version of expat installed on the remote host is prior to 2.1.0-12. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1513 advisory. It was discovered that the setElementTypePrefix function incorrectly extracted XML namespace prefixes. By tricking an...

7.8 CVSS · 7.7 AI score · 0.07107 EPSS
Exploits: 2 · References: 5
Amazon
added 2020/10/27 12:0 a.m. · 85 views

Medium: expat

Issue Overview: It was discovered that the "setElementTypePrefix" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of...

7.8 CVSS · 8.3 AI score · 0.07107 EPSS
Exploits: 2
Zero Day Initiative
added 2020/10/22 12:0 a.m. · 40 views

WECON LeviStudioU XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

5.5 CVSS · 2.2 AI score · 0.01138 EPSS
Exploits: 0 · References: 1
NVD
added 2020/10/17 8:15 p.m. · 9 views

CVE-2020-27197

TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the nonetwork setting is used for the XML parser. NOTE: the vendor points out that the parse method "wraps the lxml library...

9.8 CVSS · 0.0225 EPSS
Exploits: 2 · References: 3
OSV
added 2020/10/17 8:15 p.m. · 4 views

CVE-2020-27197

TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the nonetwork setting is used for the XML parser. NOTE: the vendor points out that the parse method "wraps the lxml library...

9.8 CVSS · 9.5 AI score
Exploits: 0 · References: 3
CVE
added 2020/10/17 7:19 p.m. · 99 views

CVE-2020-27197

CVE-2020-27197 affects TAXII libtaxii up to v1.1.117 and EclecticIQ OpenTAXII up to v0.2.0. The root cause is SSRF via an initial http:// substring to the parse method, even when the XML parser is configured with no_network. The vulnerability is triggered through the parse method that wraps the l...

9.8 CVSS · 9.4 AI score · 0.0225 EPSS
Exploits: 2 · References: 3 · Affected Software: 2
Positive Technologies
added 2020/10/17 12:0 a.m. · 6 views

PT-2020-16660 · Eclecticiq +2 · Opentaxii +2

Name of the Vulnerable Software and Affected Versions: TAXII libtaxii versions 1.1.117 and earlier; EclecticIQ OpenTAXII versions 0.2.0 and earlier. Description: The issue allows SSRF via an initial http:// substring to the parse method, even when the no network setting is used for the XML parser...

9.8 CVSS · 7 AI score · 0.0225 EPSS
Exploits: 2 · References: 14
NVD
added 2020/10/08 1:15 p.m. · 16 views

CVE-2020-2298

Jenkins Nerrvana Plugin 1.02.06 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

6.5 CVSS · 0.01099 EPSS
Exploits: 0 · References: 2
Prion
added 2020/10/08 1:15 p.m. · 10 views

Xxe

Jenkins Nerrvana Plugin 1.02.06 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

4 CVSS · 6.4 AI score · 0.01099 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2020/10/08 12:40 p.m. · 16 views

CVE-2020-2298

Jenkins Nerrvana Plugin 1.02.06 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

6.5 AI score · 0.01099 EPSS
Exploits: 0 · References: 2
CVE
added 2020/10/08 12:40 p.m. · 66 views

CVE-2020-2298

CVE-2020-2298 affects Jenkins Nerrvana Plugin versions 1.02.06 and earlier. The root cause is that the plugin’s XML parser is not configured to prevent XML external entity (XXE) attacks. Impact described across sources includes potential exposure of secrets via crafted XML data parsed by Jenkins,...

6.5 CVSS · 6.4 AI score · 0.01099 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
NVD
added 2020/09/23 2:15 p.m. · 23 views

CVE-2020-2284

Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

7.1 CVSS · 0.00877 EPSS
Exploits: 0 · References: 2
OSV
added 2020/09/23 2:15 p.m. · 15 views

CVE-2020-2284

Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

7.1 CVSS · 6.7 AI score
Exploits: 0 · References: 2
Prion
added 2020/09/23 2:15 p.m. · 20 views

Xxe

Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

5.5 CVSS · 6.8 AI score · 0.00877 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
CVE
added 2020/09/23 1:10 p.m. · 71 views

CVE-2020-2284

Jenkins Liquibase Runner Plugin versions ≤ 1.4.5 are affected by an XXE vulnerability caused by an XML parser not configured to prevent external entities. This could allow an attacker to supply crafted Liquibase changesets that are parsed by Jenkins to exfiltrate secrets or enable SSRF. The issue...

7.1 CVSS · 6.8 AI score · 0.00877 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2020/09/23 1:10 p.m. · 22 views

CVE-2020-2284

Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

6.9 AI score · 0.00877 EPSS
Exploits: 0 · References: 2