CVE-2023-24430
XML external entity reference vulnerability on agents in Jenkins Semantic Versioning Plugin in maven/org.jenkins-ci.plugins/semantic-versioning-plugin
Identifiers
GHSA-h8p8-6378-649p, CVE-2023-24430
Package Slug
maven/org.jenkins-ci.plugins/semantic-versioning-plugin
Vulnerability
XML external entity reference vulnerability on agents in Jenkins Semantic Versioning Plugin
Description
Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Affected Versions
All versions before 1.15
Solution
Upgrade to version 1.15 or above.
Last Modified
2023-01-27
| source |