Description
Azkaban through 3.84.0 allows XML external entity (XXE) injection, related to validator/XmlValidatorManager.java and user/XmlUserManager.java.
Remediation
References
https://github.com/azkaban/azkaban/issues/2478