CVE-2023-24430 – org.jenkins-ci.plugins:semantic-versioning-plugin
Package
Manager: maven
Name: org.jenkins-ci.plugins:semantic-versioning-plugin
Vulnerable Version: >=0 <1.15
Severity
Level: Critical
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00094 (percentile 0.27156)
Details
XML external entity reference vulnerability on agents in Jenkins Semantic Versioning Plugin.
Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Metadata
Created: 2023-01-26T21:30:18Z
Modified: 2023-02-06T16:41:27Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-h8p8-6378-649p/GHSA-h8p8-6378-649p.json
CWE IDs: ["CWE-611"]
Alternative ID: GHSA-h8p8-6378-649p
Finding: F083
Auto approve: 1