CVE-2023-49656 — XML External Entity (XXE) Injection in Jenkins Matlab
Severity
9.8CRITICALNVD
EPSS
0.0%
top 85.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 29
Description
Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9