https://bugzilla.redhat.com/show_bug.cgi?id=1205632
--- Doc Text *updated* by Kurt Seifried kseifried@redhat.com --- It was found that Jenkins XML handling allows XML External Entity (XXE) expansion. A remote attacker with the ability to pass XML data to Jenkins could use this flaw to read arbitrary XML files on the Jenkins server.