CVE-2020-2108

Summary

Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins WebSphere Deployer Pluginunspecified <= 1.6.1affected
Jenkins projectJenkins WebSphere Deployer Pluginnext of 1.6.1 < unspecifiedunknown

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References