Description
Jenkins DRY Plugin 2.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
Remediation
References
https://jenkins.io/security/advisory/2018-01-22/
Related Vulnerabilities
CVE-2018-20677 Vulnerability in maven package org.webjars.bowergithub.twbs:bootstrap-sass
CVE-2020-10719 Vulnerability in maven package io.undertow:undertow-core
CVE-2018-1272 Vulnerability in maven package org.springframework:spring-webmvc
CVE-2017-12629 Vulnerability in maven package org.apache.solr:solr-core
CVE-2023-31206 Vulnerability in maven package org.apache.inlong:manager-dao