GHSA-VPFJ-5GG5-FVFM XXE vulnerability in Jenkins Cobertura Plugin
Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows a user able to control the input files for the 'Publish Cobertura Coverage Report' post-build step to have Jenkins parse a crafted file that uses external entities for...
GHSA-5XH7-6V3X-VRHJ XXE vulnerability in Rundeck Plugin
Rundeck Plugin 3.6.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows a user with Overall/Read access to have Jenkins parse a crafted HTTP request with XML data that uses external entities for extraction of secrets from the Jenkins controller o...
XXE vulnerability in FitNesse Plugin
FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. This allows a user able to control the input files for its post-build step to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins...
GHSA-C3CG-MV5W-CVW8 XXE vulnerability in FitNesse Plugin
FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. This allows a user able to control the input files for its post-build step to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins...
GHSA-XVHF-Q744-5XM8 XXE vulnerability in NUnit Plugin
NUnit Plugin 0.25 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. This allows a user able to control the input files for its post-build step to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins...
XXE vulnerability in NUnit Plugin
NUnit Plugin 0.25 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. This allows a user able to control the input files for its post-build step to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins...
XXE vulnerability in Jenkins WebSphere Deployer Plugin
WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. This could be exploited by a user with Job/Configure permissions to upload a specially crafted war file containing a WEB-INF/ibm-web-ext.xml which is parsed by the plugin...
GHSA-F5WX-W2F9-82GH XXE vulnerability in Jenkins WebSphere Deployer Plugin
WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. This could be exploited by a user with Job/Configure permissions to upload a specially crafted war file containing a WEB-INF/ibm-web-ext.xml which is parsed by the plugin...
GHSA-M53P-F25Q-Q6FG XXE vulnerability in Jenkins Robot Framework Plugin
Robot Framework Plugin 2.0.0 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. This allows a user able to control the input files for the 'Publish Robot Framework' post-build step to have Jenkins parse a crafted file that uses external entities for extracti...
XXE vulnerability in Jenkins Robot Framework Plugin
Robot Framework Plugin 2.0.0 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. This allows a user able to control the input files for the 'Publish Robot Framework' post-build step to have Jenkins parse a crafted file that uses external entities for extracti...
GHSA-7MF5-79GV-66GH Jenkins Maven Release Plug-in Plugin XXE vulnerability
Jenkins Maven Release Plug-in Plugin retrieves XML from Nexus repository manager APIs. Maven Release Plug-in Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. While Jenkins users without Overall/Administer permission are not allowed to configu...
Updated ruby-nokogiri packages fix security vulnerability
Nokogiri did not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a...
[SECURITY] Fedora 34 Update: rubygem-nokogiri-1.11.7-3.fc34
Nokogiri parses and searches XML/HTML very quickly, and also has correctly implemented CSS3 selector support as well as XPath support. Nokogiri also features an Hpricot compatibility layer to help ease the change to using correct CSS and XPath...
XML External Entity Reference in Jenkins Storable Configs Plugin
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers with Item/Configure permission to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller...
GHSA-WQMP-2P5R-RHFV XML External Entity Reference in Jenkins Storable Configs Plugin
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers with Item/Configure permission to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller...
expat: Integer overflow in storeAtts in xmlparse.c
expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag, libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability,...
CVE-2022-30971
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2022-30971
CVE-2022-30971 – Jenkins Storable Configs Plugin XXE. The vulnerability is in Jenkins Storable Configs Plugin 1.0 and earlier, where the XML parser is not configured to prevent XML External Entity (XXE) attacks. This is confirmed by multiple sources in the provided documents (NVD entry for CVE-2...