CVE-2015-1809

HIGH7.5EPSS 0.13%

XML external entity (XXE) vulnerability in Jenkins

Published: 5/24/2022Modified: 2/18/2024

Description

XML external entity (XXE) vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query.

Affected packages (1)

Maven/org.jenkins-ci.main:jenkins-core>= 1.597, < 1.600

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-1809
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=1205625
WEBhttps://jenkins.io/security/advisory/2015-02-27