Description
Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Remediation
References
https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3133
http://www.openwall.com/lists/oss-security/2023/07/12/2
Related Vulnerabilities
CVE-2018-1000176 Vulnerability in maven package org.jenkins-ci.plugins:email-ext
CVE-2022-45386 Vulnerability in maven package org.jenkins-ci.plugins:violations
CVE-2022-36079 Vulnerability in npm package parse-server
CVE-2022-45690 Vulnerability in maven package cn.hutool:hutool-json
CVE-2015-3191 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-login