CVE-2015-1811 – org.jenkins-ci.main:jenkins-core

Package

Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=1.597 <1.600 || >=0 <1.596.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00125 pctl0.32506

Details

XML external entity (XXE) vulnerability in Jenkins XML external entity (XXE) vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document.

Metadata

Created: 2022-05-24T17:06:12Z
Modified: 2024-01-30T21:10:30Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qg7x-4h4q-3m49/GHSA-qg7x-4h4q-3m49.json
CWE IDs: []
Alternative ID: GHSA-qg7x-4h4q-3m49
Finding: F083
Auto approve: 1