Description
Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents.
Remediation
References
https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1698
Related Vulnerabilities
CVE-2019-1003078 Vulnerability in maven package org.jenkins-ci.plugins:labmanager
CVE-2007-4556 Vulnerability in maven package opensymphony:xwork
CVE-2010-2076 Vulnerability in maven package org.apache.axis2:axis2-kernel
CVE-2011-2093 Vulnerability in maven package com.adobe.blazeds:flex-messaging-core
CVE-2020-13943 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core