Description
Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Remediation
References
https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-1377
Related Vulnerabilities
CVE-2019-10285 Vulnerability in maven package org.jenkins-ci.plugins:minio-storage
CVE-2019-9658 Vulnerability in maven package com.puppycrawl.tools:checkstyle
CVE-2021-23266 Vulnerability in maven package org.craftercms:crafter-engine
CVE-2016-4216 Vulnerability in maven package com.adobe.xmp:xmpcore
CVE-2012-0392 Vulnerability in maven package org.apache.struts.xwork:xwork-core