CVE-2018-1000008

Опубликовано: 23 янв. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

Jenkins PMD Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.

Ссылки

http://www.securityfocus.com/bid/102844
Third Party Advisory
VDB Entry
https://jenkins.io/security/advisory/2018-01-22/
Vendor Advisory
http://www.securityfocus.com/bid/102844
Third Party Advisory
VDB Entry
https://jenkins.io/security/advisory/2018-01-22/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jenkins:pmd:*:*:*:*:*:jenkins:*:*

Версия до 3.49 (включая)

EPSS

Процентиль: 22%

0.00074

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-611

Связанные уязвимости

GHSA-687x-269m-7cv9