CVE-2020-2305

Summary

Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Mercurial Pluginunspecified <= 2.11affected
Jenkins projectJenkins Mercurial Plugin2.10.1unaffected
Jenkins projectJenkins Mercurial Plugin2.9.1unaffected
Jenkins projectJenkins Mercurial Plugin2.8.1unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References