CVE Vulnerability
CVE-2020-2172
Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
References
| Link | Resource |
|---|---|
| https://jenkins.io/security/advisory/2020-04-07/#SECURITY-1699 | Third Party Advisory |
| http://www.openwall.com/lists/oss-security/2020/04/07/3 |
Configurations
Configuration 1
|
Information
Published : 2020-04-07 01:15
Updated : 2020-04-07 04:15
NVD link : CVE-2020-2172
Mitre link : CVE-2020-2172
Products Affected
No products.
CWE
CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')