1. Home
  2. Vulnerabilities
  3. CVE-2018-1000012

CVE-2018-1000012

CVSS v3.0 8.8 (High)
88% Progress
CVSS v2.0 6.5 (Medium)
65% Progress
EPSS 0.10 % (43th)
0.10% Progress
Affected Products 1
Advisories 1
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

Jenkins Warnings Plugin 4.64 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.

Weaknesses
CWE-611
Improper Restriction of XML External Entity Reference
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2018-01-23 14:29:00
(6 years ago)
Updated Date
2018-02-07 12:21:37
(6 years ago)

Affected Products

Jenkins

Configuration #1

    CPE23 From Up To
  Jenkins Warnings for Jenkins 4.64 and prior versions cpe:2.3:a:jenkins:warnings::*:*:*:*:jenkins <= 4.64