Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS0zdmN4LXc5NGgtNjh2Z84AAXTZ

XXE vulnerability in Jenkins Android Lint Plugin

Jenkins Android Lint Plugin 2.5 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.

Permalink: https://github.com/advisories/GHSA-3vcx-w94h-68vg
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zdmN4LXc5NGgtNjh2Z84AAXTZ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: 3 months ago

CVSS Score: 8.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H

Identifiers: GHSA-3vcx-w94h-68vg, CVE-2018-1000055
References:

Blast Radius: 1.0

Affected Packages

maven:org.jvnet.hudson.plugins:android-lint

Affected Version Ranges: <= 2.5
Fixed in: 2.6