Loading market data...
← Back to CVE feed

CVE-2026-57303

HIGH CVSS 7.1 View on NVD ↗

Description

Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers able to control the responses of the configured Assembla server to extract secrets from the Jenkins controller or perform server-side request forgery.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Published: Jun 24, 2026 14:17 UTC Modified: Jun 24, 2026 15:16 UTC