Description
Jenkins PMD Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or carry out denial-of-service attacks.
Remediation
References
http://www.securityfocus.com/bid/102844
https://jenkins.io/security/advisory/2018-01-22/