Description
Jenkins Self-Organizing Swarm Plug-in Modules Plugin clients that use UDP broadcasts to discover Jenkins masters do not prevent XML External Entity processing when processing the responses, allowing unauthorized attackers on the same network to read arbitrary files from Swarm clients.
References
- Mailing List, Third Party Advisory
- Vendor Advisory
- Mailing List, Third Party Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:jenkins:self-organizing_swarm_modules:-:*:*:*:*:jenkins:*:*
EPSS
Percentile: 22%
0.00072
Low
9.3 Critical
CVSS3
4.8 Medium
CVSS2
Weaknesses
CWE-611
Related vulnerabilities
CVSS3: 6.1
github
more than 3 years ago
Jenkins Self-Organizing Swarm Plug-in Modules Plugin XXE vulnerability via UDP broadcast response