Jenkins Phabricator Differential Plugin 2.1.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
2023-04-02T21:15:09.407
2025-02-21T16:15:31.807
Modified
CVSSv3.1: 8.2 (HIGH)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | jenkins | phabricator_differential | ≤ 2.1.5 | Yes |