Description
Jenkins Visual Studio Code Metrics Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Remediation
References
https://www.jenkins.io/security/advisory/2023-03-21/#SECURITY-2926
Related Vulnerabilities
CVE-2023-32069 Vulnerability in maven package org.xwiki.platform:xwiki-platform-xclass-ui
CVE-2023-41167 Vulnerability in npm package @webiny/react-rich-text-renderer
CVE-2014-0109 Vulnerability in maven package org.apache.cxf:cxf-bundle-jaxrs
CVE-2011-5064 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2021-28657 Vulnerability in maven package org.apache.tika:tika-parsers