CVE-2019-1003015

Name of the Vulnerable Software and Affected Versions: Jenkins Job Import Plugin versions 2.1 and earlier

Description: The issue allows attackers with control over the HTTP server queried in preparation of job import to read arbitrary files and perform a denial of service attack. This is due to an XML external entity processing vulnerability in the src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java file.

Recommendations: For Jenkins Job Import Plugin versions 2.1 and earlier, update to a version later than 2.1 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.