[org.jenkins-ci.plugins:repo] Jenkins REPO Plugin does not configure XML parser to prevent XXE attacks

Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. REPO Plugin 1.16.0 disables external entity resolution for its XML parser.

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-43415
• https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2337
• http://www.openwall.com/lists/oss-security/2022/10/19/3
• https://github.com/advisories/GHSA-2w2m-ccf8-57cq