GHSA-wf8m-qr47-xc9m

GitHub Security Advisory

Jenkins AbsInt a³ Plugin XML External Entity Reference vulnerability

✓ GitHub Reviewed HIGH Has CVE

Advisory Details

Jenkins AbsInt a³ Plugin 1.1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

This allows attackers able to control `Project File (APX)` contents to have Jenkins parse a crafted XML document that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.

Affected Packages

Maven org.jenkins-ci.plugins:absint-a3
Affected versions: 0 (last affected: 1.1.0)

Related CVEs

Key Information

GHSA ID: GHSA-wf8m-qr47-xc9m
Published: July 6, 2023 7:24 PM
Last Modified: July 6, 2023 9:55 PM
CVSS Score: 7.5/10
Primary Ecosystem: Maven
Primary Package: org.jenkins-ci.plugins:absint-a3
GitHub Reviewed: ✓ Yes

Dataset

Last updated: August 24, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.