Description
Jenkins Crap4J Plugin 0.9 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Remediation
References
https://www.jenkins.io/security/advisory/2023-03-21/#SECURITY-2925
Related Vulnerabilities
CVE-2017-11482 Vulnerability in npm package kibana
CVE-2022-24697 Vulnerability in maven package org.apache.kylin:kylin-spark-engine
CVE-2023-39345 Vulnerability in npm package @strapi/plugin-users-permissions
CVE-2013-3827 Vulnerability in maven package com.sun.faces:jsf-impl
CVE-2020-2304 Vulnerability in maven package org.jenkins-ci.plugins:subversion