CVE-2023-28682: Jenkins Performance Publisher Plugin vulnerable to XML external entity (XXE) attacks

April 2, 2023 (updated April 3, 2023)

Jenkins Performance Publisher Plugin 8.09 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

References

github.com/advisories/GHSA-qgm7-m77f-j8pf
nvd.nist.gov/vuln/detail/CVE-2023-28682
www.jenkins.io/security/advisory/2023-03-21/

Detect and mitigate CVE-2023-28682 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →