Robot Framework
Monthly
Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing users with Job/Configure to have Jenkins parse crafted XML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing users with Job/Configure to have Jenkins parse crafted XML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.