CVE-2020-2305
published 2020-11-04CVE-2020-2305: Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | active_directory_plugin | — | — |
| jenkins | ansible_plugin | — | — |
| jenkins | appspider_plugin | — | — |
| jenkins | authentication_cache_in_active_directory_plugin | — | — |
| jenkins | aws_global_configuration_plugin | — | — |
| jenkins | azure_key_vault_plugin | — | — |
| jenkins | findbugs_plugin | — | — |
| jenkins | ids_in_azure_key_vault_plugin | — | — |
| jenkins | jenkins-ci_plugin | — | — |
| jenkins | kubernetes_plugin | — | — |
| jenkins | mail_commander_plugin | — | — |
| jenkins | mercurial | <= 2.11 | — |
| jenkins | mercurial_plugin | — | — |
| jenkins | sqlplus_script_runner_plugin | — | — |
| jenkins | static_analysis_utilities_plugin | — | — |
| jenkins | subversion_plugin | — | — |
| jenkins | visualworks_store_plugin | — | — |
| jenkins | vmware_lab_manager_slaves_plugin | — | — |
| jenkins_project | jenkins_mercurial_plugin | unspecified – 2.11 | — |