Description
Jenkins Android Lint Plugin 2.5 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or cause denial of service.
Remediation
References
https://jenkins.io/security/advisory/2018-02-05/