Description
Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Remediation
References
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2337
http://www.openwall.com/lists/oss-security/2022/10/19/3
Related Vulnerabilities
CVE-2021-21179 Vulnerability in npm package electron
CVE-2022-43430 Vulnerability in maven package com.compuware.jenkins:compuware-topaz-for-total-test
CVE-2011-1475 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2016-4567 Vulnerability in maven package org.webjars.bower:mediaelement
CVE-2018-1000665 Vulnerability in maven package org.webjars.npm:dojo