CVE-2020-2108: Improper Restriction of XML External Entity Reference

May 24, 2022 (updated December 19, 2022)

Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions.

References

www.openwall.com/lists/oss-security/2020/01/29/1
github.com/advisories/GHSA-f5wx-w2f9-82gh
jenkins.io/security/advisory/2020-01-29/
nvd.nist.gov/vuln/detail/CVE-2020-2108

Code Behaviors & Features

Detect and mitigate CVE-2020-2108 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →