Jenkins Robot Framework Plugin 2.0.0 Improper Restriction of XML External Entity Reference Vulnerability

Summary

Robot Framework Plugin 2.0.0 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks.

Credit:

The information has been provided by Ai Ho

The original article can be found at: https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1698


Details

Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents.
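The weakness is a JAXP parser left at its default settings, which accept a DOCTYPE and resolve the entities it declares. The example below is added here to show the default configuration beside the hardened one that the advisory says was missing; it is not the plugin's own code. The sample document is constructed in the shape of a Robot Framework output.xml with a DOCTYPE prepended, and the SYSTEM URI in it is a placeholder, not a real path.

```java
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;
import java.io.StringReader;

public class RobotOutputParserDemo {

    // Constructed sample: a Robot Framework-style output.xml with a DOCTYPE that
    // declares an external entity. The SYSTEM URI is a placeholder, not a real file.
    static final String SAMPLE_WITH_DOCTYPE =
        "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
        "<!DOCTYPE robot [\n" +
        "  <!ENTITY ext SYSTEM \"file:///placeholder/not-a-real-path\">\n" +
        "]>\n" +
        "<robot generator=\"Robot 3.1\">\n" +
        "  <suite name=\"Example\"><test name=\"t1\">" +
        "<status status=\"PASS\">&ext;</status></test></suite>\n" +
        "</robot>\n";

    // JAXP defaults: the DOCTYPE is accepted and the parser attempts to resolve
    // the external entity. This is the unhardened state the advisory describes.
    static DocumentBuilder unhardenedBuilder() throws ParserConfigurationException {
        return DocumentBuilderFactory.newInstance().newDocumentBuilder();
    }

    // Hardened configuration (standard Xerces/JAXP feature names).
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Refusing any DOCTYPE blocks the whole class of entity-based attacks.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth for parsers that must tolerate a DOCTYPE.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    // Parse and describe the outcome instead of propagating the exception,
    // so both builders can be compared on the same input.
    static String parseResult(DocumentBuilder b, String xml) {
        try {
            Document d = b.parse(new InputSource(new StringReader(xml)));
            return "parsed: root=" + d.getDocumentElement().getTagName();
        } catch (SAXParseException e) {
            // The hardened builder ends here: "DOCTYPE is disallowed ..."
            return "rejected: " + e.getMessage();
        } catch (Exception e) {
            // The default builder ends here: it tried to open the placeholder
            // path while resolving &ext; and got an I/O error. The attempt to
            // resolve is the problem; a real path would have been read.
            return "error: " + e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("default  -> " + parseResult(unhardenedBuilder(), SAMPLE_WITH_DOCTYPE));
        System.out.println("hardened -> " + parseResult(hardenedBuilder(), SAMPLE_WITH_DOCTYPE));
    }
}
```

The default JDK error handler also prints a `[Fatal Error]` line to stderr before the exception reaches `parseResult`; that is expected. The check a reviewer wants when auditing a plugin that reads build artifacts is that every `DocumentBuilderFactory`, `SAXParserFactory` or `XMLInputFactory` it creates sets `disallow-doctype-decl` (or the equivalent secure-processing features) before parsing user-supplied files such as output.xml.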


Vulnerable Systems:

Jenkins Robot Framework Plugin 2.0.0


CVE Information:

CVE-2020-2092


Disclosure Timeline:
Published Date: 1/15/2020

Categories: News