CVE-2020-2304
published 2020-11-04CVE-2020-2304: Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | active_directory_plugin | — | — |
| jenkins | ansible_plugin | — | — |
| jenkins | appspider_plugin | — | — |
| jenkins | authentication_cache_in_active_directory_plugin | — | — |
| jenkins | aws_global_configuration_plugin | — | — |
| jenkins | azure_key_vault_plugin | — | — |
| jenkins | findbugs_plugin | — | — |
| jenkins | ids_in_azure_key_vault_plugin | — | — |
| jenkins | jenkins-ci_plugin | — | — |
| jenkins | kubernetes_plugin | — | — |
| jenkins | mail_commander_plugin | — | — |
| jenkins | mercurial_plugin | — | — |
| jenkins | sqlplus_script_runner_plugin | — | — |
| jenkins | static_analysis_utilities_plugin | — | — |
| jenkins | subversion | <= 2.13.1 | — |
| jenkins | subversion_plugin | — | — |
| jenkins | visualworks_store_plugin | — | — |
| jenkins | vmware_lab_manager_slaves_plugin | — | — |
| jenkins_project | jenkins_subversion_plugin | unspecified – 2.13.1 | — |