CVE-2020-2172

CWE-776XML Entity Expansion (Billion Laughs)CWE-611XML External Entity (XXE)5 documents5 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 63.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Code Coverage API PluginJenkins Code Coverage API
Timeline
PublishedApr 7
Latest updateMay 24

Description

Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5jenkins_project/jenkins_code_coverage_api_pluginunspecified1.1.4

🔴Vulnerability Details

3
GHSA
XXE vulnerability in Jenkins Code Coverage API Plugin2022-05-24
OSV
XXE vulnerability in Jenkins Code Coverage API Plugin2022-05-24
CVEList
CVE-2020-2172: Jenkins Code Coverage API Plugin 12020-04-07

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2020-04-072020-04-07
CVE-2020-2172 (MEDIUM CVSS 6.5) | Jenkins Code Coverage API Plugin 1. | cvebase.io