Vulnerabilities > CVE-2020-2138 - XXE vulnerability in Jenkins Cobertura

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

LOW

Availability impact

NONE

network

low complexity

NVD

Published: 2020-03-09

Updated: 2023-10-25

Summary

Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Part	Description	Count
Application	Jenkins Jenkins Cobertura 0.8.5 Jenkins Cobertura 0.8.6 Jenkins Cobertura 0.8.7 Jenkins Cobertura 0.8.8 Jenkins Cobertura 0.8.9 Jenkins Cobertura 0.8.10 Jenkins Cobertura 0.8.11 Jenkins Cobertura 0_1 Jenkins Cobertura 0_2 Jenkins Cobertura 0_3 Jenkins Cobertura 0_4 Jenkins Cobertura 0_5 Jenkins Cobertura 0_6 Jenkins Cobertura 0_7 Jenkins Cobertura 0_8 Jenkins Cobertura 0_8_1 Jenkins Cobertura 0_8_2 Jenkins Cobertura 0_8_3 Jenkins Cobertura 0_8_4 Jenkins Cobertura 1.0 Jenkins Cobertura 1.1 Jenkins Cobertura 1.2 Jenkins Cobertura 1.3 Jenkins Cobertura 1.4 Jenkins Cobertura 1.5 Jenkins Cobertura 1.6 Jenkins Cobertura 1.7 Jenkins Cobertura 1.7.1 Jenkins Cobertura 1.8 Jenkins Cobertura 1.9 Jenkins Cobertura 1.9.1 Jenkins Cobertura 1.9.2 Jenkins Cobertura 1.9.3 Jenkins Cobertura 1.9.4 Jenkins Cobertura 1.9.5 Jenkins Cobertura 1.9.6 Jenkins Cobertura 1.9.7 Jenkins Cobertura 1.9.8 Jenkins Cobertura 1.10 Jenkins Cobertura 1.11 Jenkins Cobertura 1.12 Jenkins Cobertura 1.12.1 Jenkins Cobertura 1.13 Jenkins Cobertura 1.14 Jenkins Cobertura 1.15	45