Home

CVE-2020-2172

Description

Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Risk Information

Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.155

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2020-2172 are fixed in Jenkins - code-coverage-api 1.1.5Windows
Vulnerabilities CVE-2020-2172 are fixed in Jenkins - code-coverage-api for Linux 1.1.5Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234