Crap4J
1 CVEs
product
Monthly
Jenkins Crap4J Plugin 0.9 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Jenkins
XXE
Crap4J
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-28680
Maven
EPSS 1%
CVSS 7.5
HIGH
This Week
Jenkins Crap4J Plugin 0.9 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Jenkins
XXE
Crap4J
NVD