Advisories for Maven/Org.jenkins-Ci.plugins/Plot package

2022

Improper Restriction of XML External Entity Reference

Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.