CVE-2015-1811

Опубликовано: 27 фев. 2015

Источник: redhat

CVSS2: 3.5

Описание

XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document.

It was found that Jenkins' XML handling allowed XML External Entity (XXE) expansion. A remote attacker with the ability to pass XML data to Jenkins could use this flaw to read arbitrary XML files on the Jenkins server.

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-611

https://bugzilla.redhat.com/show_bug.cgi?id=1205632jenkins: External entity processing in XML can reveal sensitive local files (SECURITY-167)

3.5 Low

CVSS2

Связанные уязвимости

CVE-2015-1811

CVSS3: 7.5

ubuntu

около 6 лет назад

XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document.

CVE-2015-1811

CVSS3: 7.5

nvd

около 6 лет назад

XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document.

CVE-2015-1811

CVSS3: 7.5

debian

около 6 лет назад

XML external entity (XXE) vulnerability in CloudBees Jenkins before 1. ...

GHSA-qg7x-4h4q-3m49

CVSS3: 7.5

github

больше 3 лет назад

XML external entity (XXE) vulnerability in Jenkins

3.5 Low

CVSS2