CVE-2019-16549

Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle attackers to have Jenkins parse crafted XML documents.
References
Configurations

Configuration 1

cpe:2.3:a:jenkins:maven:*:*:*:*:*:jenkins:*:*

Information

Published : 2019-12-17 03:15

Updated : 2020-01-03 04:03


NVD link : CVE-2019-16549

Mitre link : CVE-2019-16549

Products Affected
No products.
CWE
CWE-611

Improper Restriction of XML External Entity Reference