CVE-2015-1809: XML External Entity (XXE) Injection in Jenkins Cloudbees

Severity: 7.5 HIGH (NVD)
EPSS: 0.1% (top 67.29%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jan 15
Latest update: May 24

Description

XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

NVD: jenkins/cloudbees < 1.596.1 +1
CVEListV5: cloudbees/jenkins before 1.600
CVEListV5: cloudbees/jenkins_lts before 1.596.1

🔴 Vulnerability Details (3)

GHSA: XML external entity (XXE) vulnerability in Jenkins (2022-05-24)
OSV: XML external entity (XXE) vulnerability in Jenkins (2022-05-24)
CVEList: CVE-2015-1809: XML external entity (XXE) vulnerability in CloudBees Jenkins before 1 (2020-01-15)

📋 Vendor Advisories (1)

Red Hat: jenkins: external entity injection via XPath (SECURITY-165) (2015-02-27)

💬 Community (2)

Bugzilla: CVE-2015-1806 CVE-2015-1807 CVE-2015-1813 CVE-2015-1812 CVE-2015-1811 CVE-2015-1810 CVE-2015-1808 CVE-2015-1809 CVE-2015-1814 jenkins: various flaws [fedora-all] (2015-03-25)
Bugzilla: CVE-2015-1809 jenkins: external entity injection via XPath (SECURITY-165) (2015-03-25)
CVE-2015-1809 — XML External Entity (XXE) Injection | cvebase