GHSA-58ch-c2jf-5g23

GitHub Security Advisory

Jenkins remote-jobs-view-plugin vulnerable to XML external entity attacks

✓ GitHub Reviewed | Severity: HIGH | Has CVE

Advisory Details

Jenkins remote-jobs-view-plugin Plugin 0.0.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

This allows authenticated attackers with Overall/Read permission to have Jenkins parse a crafted XML document that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.

Affected Packages

Maven com.sap.jenkinsci:remote-jobs-view-plugin
Affected versions: 0 (last affected: 0.0.3)

Related CVEs

Key Information

GHSA ID: GHSA-58ch-c2jf-5g23
Published: April 2, 2023 9:30 PM
Last Modified: April 10, 2023 4:42 PM
CVSS Score: 7.5/10
Primary Ecosystem: Maven
Primary Package: com.sap.jenkinsci:remote-jobs-view-plugin
GitHub Reviewed: ✓ Yes

Dataset

Last updated: August 25, 2025 6:33 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.