An issue was discovered in service-api before 4.3.12 and 5.x before 5.1.1 for Report Portal. It allows XXE, with resultant secrets disclosure and SSRF, via JUnit XML launch import.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-05-04T15:14:14

Updated: 2024-08-04T12:04:22.528Z

Reserved: 2020-05-04T00:00:00

Link: CVE-2020-12642

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-05-04T16:15:12.147

Modified: 2024-11-21T04:59:58.167

Link: CVE-2020-12642

cve-icon Redhat

No data.