XML External Entity (XXE) Vulnerability in Jenkins Visual Studio Code Metrics Plugin 1.7 and Earlier

XML External Entity (XXE) Vulnerability in Jenkins Visual Studio Code Metrics Plugin 1.7 and Earlier

CVE-2023-28681 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Jenkins Visual Studio Code Metrics Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Learn more about our External Network Penetration Testing.