
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Jan 2023 — Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of a controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. • https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2973%20%281%29 • CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Jan 2023 — Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. • https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2973%20%282%29 • CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 6.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

15 Mar 2022 — Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of a controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. • http://www.openwall.com/lists/oss-security/2022/03/15/2