Improper Restriction of XML External Entity Reference
The Jenkins Valgrind Plugin does not configure its XML parser to prevent XML external entity (XXE) attacks.
The Jenkins Valgrind Plugin does not escape content in Valgrind XML reports, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Valgrind XML report contents.
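A hardened parser configuration and output escaping for the two issues described above, as an added example (not the plugin's code or its actual fix). It assumes the JDK's built-in JAXP parser; the class name, helper names and sample reports are constructed for illustration.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;

public class HardenedReportParser {

    // Hypothetical helper: a DOM parser that rejects any DOCTYPE declaration,
    // which rules out external entities, parameter entities and entity expansion.
    static DocumentBuilder newHardenedBuilder() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defense in depth: no protocols allowed for external DTDs or schemas.
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    // Hypothetical helper: escape report text before writing it into HTML.
    // '&' must be replaced first so later replacements are not double-escaped.
    static String escapeHtml(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample reports using Valgrind XML element names.
        String withDoctype = "<!DOCTYPE valgrindoutput [<!ENTITY e \"x\">]>"
                + "<valgrindoutput><error><what>&e;</what></error></valgrindoutput>";
        String plain = "<valgrindoutput><error>"
                + "<what>read &lt;b&gt;4&lt;/b&gt;</what></error></valgrindoutput>";

        try {
            newHardenedBuilder().parse(new InputSource(new StringReader(withDoctype)));
            System.out.println("DOCTYPE accepted (parser is not hardened)");
        } catch (SAXParseException e) {
            System.out.println("DOCTYPE rejected: " + e.getMessage());
        }

        // The parser decodes entities, so element text can contain raw markup.
        String what = newHardenedBuilder().parse(new InputSource(new StringReader(plain)))
                .getElementsByTagName("what").item(0).getTextContent();
        System.out.println("Raw text:     " + what);
        System.out.println("Escaped text: " + escapeHtml(what));
    }
}
```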