CVE-2015-1809 – org.jenkins-ci.main:jenkins-core

Package

Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=1.597 <1.600 || >=0 <1.596.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00132 pctl0.33517

Details

XML external entity (XXE) vulnerability in Jenkins XML external entity (XXE) vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query.

Metadata

Created: 2022-05-24T17:06:12Z
Modified: 2024-01-30T21:10:14Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qj27-w92h-fc9r/GHSA-qj27-w92h-fc9r.json
CWE IDs: ["CWE-611"]
Alternative ID: GHSA-qj27-w92h-fc9r
Finding: F083
Auto approve: 1