CVE-2018-1000012: XML External Entity (XXE) Injection in Jenkins Warnings

Severity
8.8 HIGH (NVD)
EPSS
0.1%
top 79.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 23
Latest update: May 14

Description

Jenkins Warnings Plugin 4.64 and earlier processes XML external entities in files it parses as part of the build process. This allows attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or carry out denial-of-service attacks.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages: 1 package

🔴 Vulnerability Details

3
OSV
XXE vulnerability Jenkins Warnings Plugin (2022-05-14)
GHSA
XXE vulnerability Jenkins Warnings Plugin (2022-05-14)
CVEList
CVE-2018-1000012: Jenkins Warnings Plugin 4 (2018-01-23)

📋 Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2018-01-22 (2018-01-22)