PT-2020-15322 · Jenkins · Jenkins NUnit Plugin

Federico Pellegrin · Published 2020-02-12 · Updated 2023-10-25

CVE-2020-2115 · CVSS v3.1 8.8 (High) · Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Jenkins NUnit Plugin versions 0.25 and earlier
Description: Jenkins NUnit Plugin 0.25 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. A user who can control the input files for the plugin's post-build step can therefore have Jenkins parse a crafted test result file that declares and references external entities, leading to extraction of secrets from the Jenkins controller, server-side request forgery, or denial of service.
Recommendations: For Jenkins NUnit Plugin versions 0.25 and earlier, update to version 0.26 or later, which disables external entity processing for its XML parser.
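The following is an added example and not the NUnit Plugin's code (the plugin is written in Java). It models the parser misconfiguration described above in Python's `xml.sax`, which resolves external general entities only when the `feature_external_ges` flag is switched on: a crafted NUnit-style result file declares an entity pointing at a local file and references it from a `<message>` element, and the parsed report then carries that file's contents. The same report parsed with external entity resolution off, and again with any DOCTYPE rejected outright, shows what the fix buys. The report layout, the secret file and its contents are constructed for the demo; the function and class names are this example's own.

```python
"""XXE through an attacker-controlled test result file: vulnerable vs hardened parsing."""
import io
import os
import tempfile
import xml.sax
from xml.sax import handler
from xml.sax.handler import ContentHandler


class ReportCollector(ContentHandler):
    """Gathers what a result consumer would read: test-case names and <message> text."""

    def __init__(self):
        super().__init__()
        self.names = []
        self.messages = []
        self._in_message = False
        self._buf = []

    def startElement(self, name, attrs):
        if name == "test-case":
            self.names.append(attrs.get("name"))
        elif name == "message":
            self._in_message = True
            self._buf = []

    def characters(self, content):
        if self._in_message:
            self._buf.append(content)

    def endElement(self, name):
        if name == "message":
            self.messages.append("".join(self._buf))
            self._in_message = False


class RejectDoctype:
    """Lexical handler that aborts on any DOCTYPE, so no entity can even be declared."""

    def startDTD(self, name, public_id, system_id):
        raise ValueError(f"DOCTYPE {name!r} rejected: entity declarations are not allowed")

    # Remaining lexical callbacks the SAX driver may invoke: nothing to do.
    def endDTD(self):
        pass

    def startCDATA(self):
        pass

    def endCDATA(self):
        pass

    def comment(self, content):
        pass


def crafted_report(secret_path):
    """Constructed attacker-controlled result file: the internal DTD subset declares an
    external entity for a local file and the <message> body references it."""
    return f"""<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE test-results [
  <!ENTITY xxe SYSTEM "{secret_path}">
]>
<test-results name="results.xml" total="1" failures="1">
  <test-case name="Smoke.Login" executed="True" success="False">
    <failure>
      <message>&xxe;</message>
    </failure>
  </test-case>
</test-results>
""".encode("utf-8")


def parse_report(xml_bytes, resolve_external_entities=False, allow_doctype=True):
    """Parse a report. resolve_external_entities=True models the vulnerable parser
    configuration; False models a parser that ignores external entities; allow_doctype=False
    additionally refuses the DOCTYPE, which is the stricter hardening."""
    parser = xml.sax.make_parser()
    parser.setFeature(handler.feature_external_ges, resolve_external_entities)
    if not allow_doctype:
        parser.setProperty(handler.property_lexical_handler, RejectDoctype())
    collector = ReportCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xml_bytes))
    return collector


def demo(secret="hunter2\n"):
    """Write a constructed secret file, parse the crafted report under each
    configuration and return what every configuration exposed."""
    with tempfile.TemporaryDirectory() as d:
        secret_path = os.path.join(d, "secret.txt")
        with open(secret_path, "w") as f:
            f.write(secret)
        report = crafted_report(secret_path)
        vulnerable = parse_report(report, resolve_external_entities=True)
        fixed = parse_report(report, resolve_external_entities=False)
        try:
            parse_report(report, resolve_external_entities=False, allow_doctype=False)
            strict = "parsed"
        except ValueError as e:
            strict = str(e)
    return {"vulnerable": vulnerable.messages, "fixed": fixed.messages, "strict": strict}


if __name__ == "__main__":
    for mode, outcome in demo().items():
        print(f"{mode:>10}: {outcome!r}")
```

With external entity resolution on, the `<message>` text comes back as the secret file's contents; with it off, the reference is skipped and the message is empty; with the DOCTYPE rejected, parsing stops before the body is reached. In a Java parser such as the one the plugin uses, the equivalent hardening (general guidance, not a statement about the 0.26 patch itself) is to set `disallow-doctype-decl` to true and the `external-general-entities` and `external-parameter-entities` features to false on the factory before creating the parser.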

Fix

XXE

Weakness Enumeration

Related Identifiers

CVE-2020-2115
GHSA-XVHF-Q744-5XM8

Affected Products

Jenkins
Jenkins NUnit Plugin