Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1jNG1wLWgzbTItaDVtY84AAXQb

Jenkins CCM Plugin vulnerable to Improper Restriction of XML External Entity Reference

Jenkins CCM Plugin 3.1 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.

Permalink: https://github.com/advisories/GHSA-c4mp-h3m2-h5mc
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jNG1wLWgzbTItaDVtY84AAXQb
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: over 1 year ago


CVSS Score: 8.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H

Identifiers: GHSA-c4mp-h3m2-h5mc, CVE-2018-1000054
References: Blast Radius: 0.0

Affected Packages

maven:org.jvnet.hudson.plugins:ccm
Dependent packages: 0
Dependent repositories: 1
Downloads:
Affected Version Ranges: < 3.2
Fixed in: 3.2
All affected versions: 1.0.1
All unaffected versions: