VYPR
Moderate severityNVD Advisory· Published Nov 4, 2020· Updated Aug 4, 2024

CVE-2020-2305

CVE-2020-2305

Description

Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.jenkins-ci.plugins:mercurialMaven
>= 2.11, < 2.122.12
org.jenkins-ci.plugins:mercurialMaven
>= 2.10, < 2.10.12.10.1
org.jenkins-ci.plugins:mercurialMaven
>= 2.9, < 2.9.12.9.1
org.jenkins-ci.plugins:mercurialMaven
< 2.8.12.8.1

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

1