CVE-2015-1811 — XML External Entity (XXE) Injection in Jenkins Cloudbees

CWE-611 — XML External Entity (XXE) Injection7 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 68.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Cloudbees Cloudbees Jenkins Cloudbees Jenkins LTS

Timeline

PublishedJan 15

Latest updateMay 24

Description

XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDjenkins/cloudbees< 1.596.1+1

▶CVEListV5cloudbees/jenkinsbefore 1.600

▶CVEListV5cloudbees/jenkins_ltsbefore 1.596.1

🔴Vulnerability Details

OSV

XML external entity (XXE) vulnerability in Jenkins↗2022-05-24

▶

GHSA

XML external entity (XXE) vulnerability in Jenkins↗2022-05-24

▶

CVEList

CVE-2015-1811: XML external entity (XXE) vulnerability in CloudBees Jenkins before 1↗2020-01-15

▶

📋Vendor Advisories

Red Hat

jenkins: External entity processing in XML can reveal sensitive local files (SECURITY-167)↗2015-02-27

▶

💬Community

Bugzilla

CVE-2015-1806 CVE-2015-1807 CVE-2015-1813 CVE-2015-1812 CVE-2015-1811 CVE-2015-1810 CVE-2015-1808 CVE-2015-1809 CVE-2015-1814 jenkins: various flaws [fedora-all]↗2015-03-25

▶

Bugzilla

CVE-2015-1811 jenkins: External entity processing in XML can reveal sensitive local files (SECURITY-167)↗2015-03-25

▶