CVE-2023-24441 – org.jvnet.hudson.plugins:mstest

Package

Manager: maven
Name: org.jvnet.hudson.plugins:mstest
Vulnerable Version: >=0 <1.0.1

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

EPSS: 0.00094 pctl0.27156

Details

XML external entity vulnerability on agents in Jenkins MSTest Plugin Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Metadata

Created: 2023-01-26T21:30:18Z
Modified: 2024-01-04T12:11:28Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-3ppr-72x5-x67q/GHSA-3ppr-72x5-x67q.json
CWE IDs: ["CWE-611", "CWE-776"]
Alternative ID: GHSA-3ppr-72x5-x67q
Finding: F083
Auto approve: 1