Vulnerabilities > Jenkins > PMD > 1.9

DATE	CVE	VULNERABILITY TITLE	RISK
2018-01-23	CVE-2018-1000008	XXE vulnerability in Jenkins PMD Jenkins PMD Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. network low complexity jenkins CWE-611	6.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.