CVE-2020-2172
published 2020-04-07CVE-2020-2172: Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | awseb_deployment_plugin | — | — |
| jenkins | code_coverage_api | <= 1.1.4 | — |
| jenkins | code_coverage_plugin | — | — |
| jenkins | fitnesse_plugin | — | — |
| jenkins | gatling_plugin | — | — |
| jenkins | runner_plugin | — | — |
| jenkins | xml_input_files_processed_by_the_plugin | — | — |
| jenkins_project | jenkins_code_coverage_api_plugin | unspecified – 1.1.4 | — |