ГлавнаяУязвимости → CVE-2026-57303
7.1высокая

CVE-2026-57303

Описание

Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers able to control the responses of the configured Assembla server to extract secrets from the Jenkins controller or perform server-side request forgery.

Затрагиваемое ПО
Jenkins Assembla
CVSS
Балл7.1 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Источники
https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3692%20(1)