CVE-2020-2315 – Jenkins Visualworks Store Plugin 1.1.3 and earlier does not configure its

Jenkins Visualworks Store Plugin 1.1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2315

Reference (s):

• https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1900
• URL: https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1900
• MLIST:[oss-security] 20201104 Multiple vulnerabilities in Jenkins plugins
• URL: http://www.openwall.com/lists/oss-security/2020/11/04/6