CVE-2019-10337: Improper Restriction of XML External Entity Reference

June 11, 2019 (updated June 13, 2019)

An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin allows attackers, who are able to control the content of the input file for the “XML” macro, to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks.

References

jenkins.io/security/advisory/2019-06-11/
nvd.nist.gov/vuln/detail/CVE-2019-10337

Code Behaviors & Features

Detect and mitigate CVE-2019-10337 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →