An XML external entity (XXE) processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers with the ability to control the HTTP server (Jenkins) queried in preparation of job import to read arbitrary files, perform a denial of service attack, etc.
{ "nvd_published_at": "2019-02-06T16:29:00Z", "github_reviewed_at": "2022-05-26T18:54:26Z", "severity": "CRITICAL", "github_reviewed": true, "cwe_ids": [ "CWE-611" ] }