Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1xajI3LXc5MmgtZmM5cs4AAjQo

XML external entity (XXE) vulnerability in Jenkins

XML external entity (XXE) vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query.

Permalink: https://github.com/advisories/GHSA-qj27-w92h-fc9r
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xajI3LXc5MmgtZmM5cs4AAjQo
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: 3 months ago


CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Identifiers: GHSA-qj27-w92h-fc9r, CVE-2015-1809
References:
Blast Radius: 1.0

Affected Packages

maven:org.jenkins-ci.main:jenkins-core
Affected Version Ranges: < 1.596.1; >= 1.597, < 1.600
Fixed in: 1.596.1, 1.600