Description
Jenkins Phabricator Differential Plugin 2.1.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Remediation
References
https://www.jenkins.io/security/advisory/2023-03-21/#SECURITY-2942