CVE-2020-2247
- Source
- https://cve.org/CVERecord?id=CVE-2020-2247
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-2247.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-2247
- Aliases
- Published
- 2020-09-01T14:15:13.160Z
- Modified
- 2026-04-10T04:24:41.519979Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Jenkins Klocwork Analysis Plugin 2020.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
- References
Affected packages
Git / github.com/jenkinsci/klocwork-plugin
Affected versions
klocwork-1.*
klocwork-1.0
klocwork-1.1
klocwork-1.10
klocwork-1.11
klocwork-1.12
klocwork-1.13
klocwork-1.14
klocwork-1.14.1
klocwork-1.15
klocwork-1.16.2
klocwork-1.16.3
klocwork-1.17
klocwork-1.18
klocwork-1.2
klocwork-1.23
klocwork-1.24
klocwork-1.24.1
klocwork-1.24.2
klocwork-1.24.3
klocwork-1.24.4
klocwork-1.24.5
klocwork-1.24.6
klocwork-1.3
klocwork-1.5
klocwork-1.6
klocwork-1.7
klocwork-1.8
klocwork-1.8.1
klocwork-1.9
klocwork-2.*
klocwork-2.0
klocwork-2.1
klocwork-2.2
klocwork-2.2.1
klocwork-2.2.2
klocwork-2.2.3
klocwork-2.3
klocwork-2.3.1
klocwork-2.3.2
klocwork-2.3.3
klocwork-2.3.4
klocwork-2.3.5
klocwork-2.3.6
klocwork-2.3.7
klocwork-2.3.8
klocwork-2.3.9
klocwork-2.4.0
klocwork-2.4.1
klocwork-2.4.2
klocwork-2.4.3
klocwork-2.4.4
klocwork-2.4.5
klocwork-2.4.6
klocwork-2.4.7
klocwork-2.4.8
klocwork-2.4.9
klocwork-2.5.0
klocwork-2.5.1
klocwork-2.5.2
klocwork-2.5.3
klocwork-2020.*
klocwork-2020.2
klocwork-2020.2.1