Get a Pentest and security assessment of your IT network.

Request a quote

CVE-2020-2245 – Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parse

March 7, 2022

Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2245

Reference (s):

https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1829
URL: https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1829
MLIST:[oss-security] 20200901 Multiple vulnerabilities in Jenkins plugins
URL: http://www.openwall.com/lists/oss-security/2020/09/01/3

2