CVE-2020-2305

CWE-611XML External Entity (XXE)6 documents6 sources
Severity
6.5MEDIUM
EPSS
0.5%
top 33.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Mercurial PluginJenkins Mercurial
Timeline
PublishedNov 4
Latest updateMay 24

Description

Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

Mavenorg.jenkins-ci.plugins:mercurial2.112.12+3
CVEListV5jenkins_project/jenkins_mercurial_pluginunspecified2.11

🔴Vulnerability Details

3
OSV
XXE vulnerability in Jenkins Mercurial Plugin2022-05-24
GHSA
XXE vulnerability in Jenkins Mercurial Plugin2022-05-24
CVEList
CVE-2020-2305: Jenkins Mercurial Plugin 22020-11-04

📋Vendor Advisories

2
Jenkins
Jenkins Security Advisory 2020-11-042020-11-04
Red Hat
jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks2020-11-04
CVE-2020-2305 (MEDIUM CVSS 6.5) | Jenkins Mercurial Plugin 2.11 and e | cvebase.io