PT-2019-2638 · Jenkins · Jenkins Token Macro Plugin

Daniel Beck · Published 2019-06-11 · Updated 2023-10-25 · CVE-2019-10337

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Jenkins Token Macro Plugin versions 2.7 and earlier

Description: The issue is an XML external entity (XXE) vulnerability. An attacker who can control the content of the input file processed by the "XML" macro can make Jenkins resolve external entities. This can result in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks.

Recommendations: For Jenkins Token Macro Plugin versions 2.7 and earlier, update to a version later than 2.7 to resolve the issue. As a temporary workaround, consider restricting the use of the "XML" macro to minimize the risk of exploitation.

Fix

DoS

XXE

Weakness Enumeration

Related Identifiers

BDU:2019-02524
CVE-2019-10337
GHSA-G6H2-4X64-C59X
RHSA-2019:1636
RHSA-2019:1851

Affected Products

Jenkins
Jenkins Token Macro Plugin