Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mercurial | Jenkins | * | 2.11 (including) |
Red Hat OpenShift Container Platform 3.11 | RedHat | jenkins-2-plugins-0:3.11.1612862361-1.el7 | * |
Red Hat OpenShift Container Platform 4.4 | RedHat | jenkins-2-plugins-0:4.4.1611203637-1.el7 | * |
Red Hat OpenShift Container Platform 4.5 | RedHat | jenkins-2-plugins-0:4.5.1610108899-1.el7 | * |
Red Hat OpenShift Container Platform 4.6 | RedHat | jenkins-2-plugins-0:4.6.1609853716-1.el8 | * |