CVE-2019-10327 – org.jenkins-ci.plugins:pipeline-maven
Package
Manager: maven
Name: org.jenkins-ci.plugins:pipeline-maven
Vulnerable Version: >=0 <3.7.1
Severity
Level: High
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00148 (percentile: 0.35887)
Details
XML External Entity processing vulnerability in Pipeline Maven Integration Jenkins Plugin

An XML external entities (XXE) vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and earlier allowed attackers able to control a temporary directory's content on the agent running the Maven build to have Jenkins parse a maliciously crafted XML file that uses external entities for extraction of secrets from the Jenkins master, server-side request forgery, or denial-of-service attacks.
Metadata
Created: 2022-05-24T22:00:03Z
Modified: 2022-09-09T00:45:35Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6755-jgp4-8q7h/GHSA-6755-jgp4-8q7h.json
CWE IDs: ["CWE-611"]
Alternative ID: GHSA-6755-jgp4-8q7h
Finding: F083
Auto approve: 1