Jenkins pom2config Plugin 1.2 and previous versions does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
jenkins pom2config |