Kurt Boberg

**Name of the Vulnerable Software and Affected Versions** Jenkins Pipeline Maven Integration Plugin versions 1.7.0 and earlier **Description** The issue allows attackers who can control a temporary directory's content on the agent running the Maven build to have Jenkins parse a maliciously crafted XML file. This can lead to extraction of secrets from the Jenkins master, server-side request forgery, or denial-of-service attacks due to an XML external entities (XXE) vulnerability. **Recommendations** For Jenkins Pipeline Maven Integration Plugin versions 1.7.0 and earlier, update to a version later than 1.7.0 to resolve the issue. As a temporary workaround, consider restricting access to the temporary directory used by the Maven build to minimize the risk of exploitation.