Description
XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job.
Remediation
References
Related Vulnerabilities
WordPress Plugin Share and Follow 'admin.php' Cross-Site Scripting (1.80.3)
WordPress Plugin NextGEN Gallery-WordPress Gallery Arbitrary File Upload (1.9.12)
MySQL CVE-2020-2804 Vulnerability (CVE-2020-2804)
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2038)
WordPress Plugin College publisher Import Arbitrary File Upload (0.1)