CVE-2020-2115: 
Java vulnerability analysis and mitigation

CVE-2020-2115 affects the Jenkins NUnit Plugin versions 0.25 and earlier. The vulnerability was discovered by Federico Pellegrin and disclosed on February 12, 2020. This security issue impacts the XML parsing functionality within the NUnit Plugin, which is used for processing test results in Jenkins continuous integration environments (Jenkins Advisory).

The vulnerability is classified as an XML External Entity (XXE) attack vulnerability with a High severity CVSS rating. The core issue stems from the plugin's failure to properly configure its XML parser to prevent XXE attacks. The vulnerability exists in the post-build step processing where the plugin parses XML input files (Jenkins Advisory).

If exploited, this vulnerability allows attackers who can control the input files for the plugin's post-build step to craft malicious XML files that could lead to extraction of secrets from the Jenkins controller, enable server-side request forgery (SSRF), or facilitate denial-of-service attacks (Jenkins Advisory).

The vulnerability was patched in NUnit Plugin version 0.26, which disables external entity processing for its XML parser. Users are strongly advised to upgrade to this version or later to mitigate the vulnerability (Jenkins Advisory).