{"id":"CVE-2020-2108","details":"Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions.","aliases":["GHSA-f5wx-w2f9-82gh"],"modified":"2026-03-14T10:17:52.502952Z","published":"2020-01-29T16:15:12.787Z","references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2020/01/29/1"},{"type":"ADVISORY","url":"https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1719"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/websphere-deployer-plugin","events":[{"introduced":"0"},{"last_affected":"2f98656940ee16d8a083128fdd3e5274086905e5"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.6.1"}]}}],"versions":["websphere-deployer-1.1","websphere-deployer-1.2","websphere-deployer-1.3.4","websphere-deployer-1.4.3","websphere-deployer-1.5.1","websphere-deployer-1.5.2","websphere-deployer-1.5.3","websphere-deployer-1.5.5","websphere-deployer-1.5.6","websphere-deployer-1.6.0","websphere-deployer-1.6.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-2108.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"}]}