Description
Jenkins Performance Publisher Plugin 8.09 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Remediation
References
https://www.jenkins.io/security/advisory/2023-03-21/#SECURITY-2928
Related Vulnerabilities
CVE-2018-3818 Vulnerability in npm package kibana
CVE-2019-10406 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2016-8741 Vulnerability in maven package org.apache.qpid:qpid-broker-core
CVE-2021-21608 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2017-15697 Vulnerability in maven package org.apache.nifi:nifi-web-utils