CVE-2023-28681

Summary

Jenkins Visual Studio Code Metrics Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Affected Software

VendorProductVersion RangeStatus
Jenkins ProjectJenkins Visual Studio Code Metrics Plugin0 <= 1.7affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References