CVE-2020-2108

CWE-611 — XML External Entity (XXE)7 documents7 sources

Severity

7.6HIGH

EPSS

0.1%

top 81.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Websphere Deployer Plugin Jenkins Websphere Deployer

Timeline

PublishedJan 29

Latest updateMay 24

Description

Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:LExploitability: 2.8 | Impact: 4.7

Affected Packages3 packages

▶Mavenorg.jenkins-ci.plugins:websphere-deployer1.6.1

▶CVEListV5jenkins_project/jenkins_websphere_deployer_pluginunspecified — 1.6.1

▶NVDjenkins/websphere_deployer1.6.1

🔴Vulnerability Details

OSV

XXE vulnerability in Jenkins WebSphere Deployer Plugin↗2022-05-24

▶

GHSA

XXE vulnerability in Jenkins WebSphere Deployer Plugin↗2022-05-24

▶

CVEList

CVE-2020-2108: Jenkins WebSphere Deployer Plugin 1↗2020-01-29

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2020-01-29↗2020-01-29

▶

💬Community

Bugzilla

CVE-2020-1718 keycloak: security issue on reset credential flow↗2020-01-31

▶