CVE-2020-2108

Published: Jan 29, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions.

Vendor	Product	Versions
Jenkins project	Jenkins WebSphere Deployer Plugin	affected `unspecified - <= 1.6.1` unknown `next of 1.6.1 - < unspecified`

References

https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1719

x_refsource_CONFIRM

[oss-security] 20200129 Multiple vulnerabilities in Jenkins and Jenkins plugins

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-2108

Description

Affected Products

References