Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS00cmo2LTlwamgtODgycs4AAXTa
Improper Restriction of XML External Entity Reference in Jenkins JUnit Plugin
Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
Permalink: https://github.com/advisories/GHSA-4rj6-9pjh-882rJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00cmo2LTlwamgtODgycs4AAXTa
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: over 1 year ago
CVSS Score: 8.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
Identifiers: GHSA-4rj6-9pjh-882r, CVE-2018-1000056
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000056
- https://jenkins.io/security/advisory/2018-02-05/
- https://github.com/jenkinsci/junit-plugin/commit/15f39fc49d9f25bca872badb48e708a8bb815ea7
- https://github.com/advisories/GHSA-4rj6-9pjh-882r
Blast Radius: 1.0
Affected Packages
maven:org.jenkins-ci.plugins:junit
Affected Version Ranges: <= 1.23Fixed in: 1.24