CVE-2019-10337: Improper Restriction of XML External Entity Reference
An XML external entity (XXE) vulnerability in the Jenkins Token Macro Plugin allows attackers who are able to control the content of the input file for the “XML” macro to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks.