CVE-2015-1809

Published: 27 Feb 2015
Source: redhat
CVSS2: 4.3
EPSS: Low

Description

XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query.

It was found that Jenkins' XPath handling allowed XML External Entity (XXE) expansion. A remote attacker with read access could use this flaw to read arbitrary XML files on the Jenkins server.

Additional information

Status: Moderate
Defect: CWE-611
https://bugzilla.redhat.com/show_bug.cgi?id=1205625 jenkins: external entity injection via XPath (SECURITY-165)

EPSS

Percentile: 33%
0.00132
Low

4.3 Medium

CVSS2

Related vulnerabilities

CVSS3: 7.5
ubuntu
about 6 years ago

XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query.

CVSS3: 7.5
nvd
about 6 years ago

XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query.

CVSS3: 7.5
debian
about 6 years ago

XML external entity (XXE) vulnerability in CloudBees Jenkins before 1. ...

CVSS3: 7.5
github
more than 3 years ago

XML external entity (XXE) vulnerability in Jenkins
