Description
Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Remediation
References
https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2292
Related Vulnerabilities
CVE-2023-39153 Vulnerability in maven package org.jenkins-ci.plugins:gitlab-oauth
CVE-2021-42357 Vulnerability in maven package org.apache.knox:gateway-service-knoxsso
CVE-2023-37912 Vulnerability in maven package org.xwiki.rendering:xwiki-rendering-macro-footnotes
CVE-2021-46440 Vulnerability in npm package strapi
CVE-2022-24898 Vulnerability in maven package org.xwiki.commons:xwiki-commons-xml