GHSA-G9HG-X9C9-7XGR XXE vulnerability in Jenkins CVS Plugin

Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control an agent process to have Jenkins parse a crafted changelog file that uses external entities for extraction of secrets from the Jenkins controller...

XXE vulnerability in Jenkins CVS Plugin

Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control an agent process to have Jenkins parse a crafted changelog file that uses external entities for extraction of secrets from the Jenkins controller...

GHSA-JVJM-J945-8QWC XXE vulnerability in Jenkins Visualworks Store Plugin

Jenkins Visualworks Store Plugin 1.1.3 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers with the ability to control the output of a script that run Visualworks with StoreCI, or able to control an agent process, to have Jenkins parse a...

XXE vulnerability in Jenkins Visualworks Store Plugin

Jenkins Visualworks Store Plugin 1.1.3 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers with the ability to control the output of a script that run Visualworks with StoreCI, or able to control an agent process, to have Jenkins parse a...

XXE vulnerability in Jenkins Subversion Plugin

Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control an agent process to have Jenkins parse a crafted changelog file that uses external entities for extraction of secrets from the Jenkins...

XXE vulnerability in Jenkins Mercurial Plugin

Jenkins Mercurial Plugin prior to 2.12, 2.10.1, 2.9.1, and 2.8.1 does not configure its XML changelog parser to prevent XML external entity XXE attacks. This allows attackers able to control an agent process to have Jenkins parse a crafted changelog file that uses external entities for extraction...

GHSA-X58R-WXC3-7PQR XXE vulnerability in Jenkins Mercurial Plugin

Jenkins Mercurial Plugin prior to 2.12, 2.10.1, 2.9.1, and 2.8.1 does not configure its XML changelog parser to prevent XML external entity XXE attacks. This allows attackers able to control an agent process to have Jenkins parse a crafted changelog file that uses external entities for extraction...

GHSA-VP5F-8JGW-J53C XXE vulnerability in Jenkins Subversion Plugin

Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control an agent process to have Jenkins parse a crafted changelog file that uses external entities for extraction of secrets from the Jenkins...

XXE vulnerability in Jenkins Nerrvana Plugin

Jenkins Nerrvana Plugin 1.02.06 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers with Overall/Read permission to have Jenkins parse a crafted HTTP request with XML data that uses external entities for extraction of secrets from the...

GHSA-WCRG-92WP-4H28 XXE vulnerability in Jenkins Nerrvana Plugin

Jenkins Nerrvana Plugin 1.02.06 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers with Overall/Read permission to have Jenkins parse a crafted HTTP request with XML data that uses external entities for extraction of secrets from the...

GHSA-XX7G-F287-F9FQ XXE vulnerability in Jenkins Liquibase Runner Plugin

Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to provide Liquibase changesets evaluated by the plugin to have Jenkins parse a crafted XML file that uses external entities for extraction of...

XXE vulnerability in Jenkins Liquibase Runner Plugin

Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to provide Liquibase changesets evaluated by the plugin to have Jenkins parse a crafted XML file that uses external entities for extraction of...

XXE vulnerability in Jenkins Klocwork Analysis Plugin

Klocwork Analysis Plugin 2020.2.1 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows a user able to control the input files for the Klocwork plugin parser to have Jenkins parse a crafted file that uses external entities for extraction of secrets...

GHSA-P6C5-737R-2R93 XXE vulnerability in Jenkins Klocwork Analysis Plugin

Klocwork Analysis Plugin 2020.2.1 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows a user able to control the input files for the Klocwork plugin parser to have Jenkins parse a crafted file that uses external entities for extraction of secrets...

GHSA-XQ2Q-8HXC-7JR2 XXE vulnerability in Jenkins Valgrind Plugin

Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows a user able to control the input files for the Valgrind plugin parser to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the...

XXE vulnerability in Jenkins Valgrind Plugin

Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows a user able to control the input files for the Valgrind plugin parser to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the...

GHSA-2RH4-XGMQ-63JP XXE vulnerability in Jenkins Parasoft Findings Plugin

Parasoft Findings Plugin implements a static analysis parser for various Parasoft products and integrates with Warnings Plugin 10.4.1 and earlier and Warnings NG Plugin 10.4.2 and newer. Parasoft Findings Plugin 10.4.3 and earlier does not configure its XML parser to prevent XML external entity X...

XXE vulnerability in Jenkins Parasoft Findings Plugin

Parasoft Findings Plugin implements a static analysis parser for various Parasoft products and integrates with Warnings Plugin 10.4.1 and earlier and Warnings NG Plugin 10.4.2 and newer. Parasoft Findings Plugin 10.4.3 and earlier does not configure its XML parser to prevent XML external entity X...

GHSA-G7W4-R4MG-GVHX XXE vulnerability in Jenkins RapidDeploy Plugin

RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows a user able to control the input files for the 'RapidDeploy deployment package build' build or post-build step to have Jenkins parse a crafted file that uses external...

XXE vulnerability in Jenkins RapidDeploy Plugin

RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows a user able to control the input files for the 'RapidDeploy deployment package build' build or post-build step to have Jenkins parse a crafted file that uses external...