Job Configuration History Plugin's path traversal allows exploiting XXE vulnerability
High severity
GitHub Reviewed
Published Sep 6, 2023 to the GitHub Advisory Database • Updated Jan 9, 2024
Package
Affected versions: < 1229.v3039470161a
Patched versions: 1229.v3039470161a_d
Published by the National Vulnerability Database: Sep 6, 2023
Published to the GitHub Advisory Database: Sep 6, 2023
Reviewed: Jan 9, 2024
Last updated: Jan 9, 2024
Description
Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.