CVE-2019-16549
published 2019-12-17
High 8.1 (CVSS 3.1)
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle attackers to have Jenkins parse crafted XML documents.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | alauda_devops_pipeline_plugin | — | — |
| jenkins | alauda_kubernetes_suport_plugin | — | — |
| jenkins | build_failure_analyzer_plugin | — | — |
| jenkins | gerrit_trigger_plugin | — | — |
| jenkins | ids_in_team_concert_plugin | — | — |
| jenkins | ids_to_allow_users_configuring_the_plugin | — | — |
| jenkins | jenkins_and_plugin | — | — |
| jenkins | mantis_plugin | — | — |
| jenkins | maven | <= 0.16.1 | — |
| jenkins | maven_release_plug-in_plugin | — | — |
| jenkins | mission_control_plugin | — | — |
| jenkins | pipeline_aggregator_view_plugin | — | — |
| jenkins | rapiddeploy_plugin | — | — |
| jenkins | redgate_sql_change_automation_plugin | — | — |
| jenkins | rundeck_plugin | — | — |
| jenkins | sctmexecutor_plugin | — | — |
| jenkins | spira_importer_plugin | — | — |
| jenkins | team_concert_plugin | — | — |
| jenkins | websphere_deployer_plugin | — | — |
| jenkins | weibo_plugin | — | — |
| jenkins_project | jenkins_maven_release_plugin | unspecified – 0.16.1 | — |