ASA-2019-00606 – Jenkins 360 FireLine Plugin: XML External Entity (XXE) vulnerability

A form validation method that accepts XML does not perform permission checks. This allows users with Overall/Read permission to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks.
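The parser-side half of the mitigation can be sketched as follows. This is an added example, not code from the FireLine plugin: the class and method names are hypothetical, and it assumes a JAXP `DocumentBuilderFactory` parser, since the advisory does not say which parser the plugin uses. The other half, checking the caller's permission before parsing, is marked only as a comment.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.SAXException;

public class HardenedXmlCheck {
    // Parser that refuses any DOCTYPE and never resolves external entities.
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    // Hypothetical stand-in for a form validation method that receives XML.
    // In a Jenkins plugin the caller's permission is checked before this runs.
    static String validateXml(String xml) {
        try {
            byte[] bytes = xml.getBytes(StandardCharsets.UTF_8);
            String root = hardenedBuilder().parse(new ByteArrayInputStream(bytes))
                    .getDocumentElement().getNodeName();
            return "ok: root element <" + root + ">";
        } catch (SAXException | IOException | ParserConfigurationException e) {
            // Return a fixed message; parser errors can echo input details.
            return "rejected: not acceptable XML";
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one plain document, one declaring an entity.
        String plain = "<config><rule>demo</rule></config>";
        String withDoctype = "<?xml version=\"1.0\"?>"
                + "<!DOCTYPE config [<!ENTITY ext SYSTEM \"file:///placeholder\">]>"
                + "<config>&ext;</config>";
        System.out.println(validateXml(plain));
        System.out.println(validateXml(withDoctype));
    }
}
```

With `disallow-doctype-decl` enabled, the second input fails at the DOCTYPE declaration, before any entity is resolved, which covers all three impacts the advisory lists.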