Description
Jenkins Crap4J Plugin 0.9 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Remediation
References
https://www.jenkins.io/security/advisory/2023-03-21/#SECURITY-2925
Related Vulnerabilities
CVE-2015-1808 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-37462 Vulnerability in maven package org.xwiki.platform:xwiki-platform-skin-ui
CVE-2023-50722 Vulnerability in maven package org.xwiki.platform:xwiki-platform-administration-ui
CVE-2018-12536 Vulnerability in maven package org.eclipse.jetty:jetty-server
CVE-2017-12611 Vulnerability in maven package org.apache.struts:struts2-core