Description
Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorManager.java and user/XmlUserManager.java.
Remediation
References
https://github.com/azkaban/azkaban/issues/2478
Related Vulnerabilities
CVE-2020-2211 Vulnerability in maven package com.elasticbox.jenkins-ci.plugins:kubernetes-ci
CVE-2022-25854 Vulnerability in npm package @yaireo/tagify
CVE-2022-37257 Vulnerability in npm package steal
CVE-2023-30526 Vulnerability in maven package org.jenkins-ci.plugins:reportportal
CVE-2015-2944 Vulnerability in maven package org.apache.sling:org.apache.sling.servlets.post