CVE-2019-10327: XML External Entity (XXE) Injection in Jenkins Pipeline Maven Integration

Severity: 8.1 HIGH (NVD)
EPSS: 0.1% (top 65.11%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 31; latest update May 24

Description

An XML external entities (XXE) vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and earlier allowed attackers able to control a temporary directory's content on the agent running the Maven build to have Jenkins parse a maliciously crafted XML file that uses external entities for extraction of secrets from the Jenkins master, server-side request forgery, or denial-of-service attacks.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Exploitability: 2.8 | Impact: 5.2

Affected Packages: 2 packages

🔴 Vulnerability Details (3)

OSV: XML External Entity processing vulnerability in Pipeline Maven Integration Jenkins Plugin (2022-05-24)
GHSA: XML External Entity processing vulnerability in Pipeline Maven Integration Jenkins Plugin (2022-05-24)
CVEList: CVE-2019-10327: An XML external entities (XXE) vulnerability in Jenkins Pipeline Maven Integration Plugin 1 (2019-05-31)

📋 Vendor Advisories (1)

Jenkins: Jenkins Security Advisory 2019-05-31 (2019-05-31)