[MAVEN:GHSA-G4C3-4F3V-84X8] Jenkins External Monitor Job Type Plugin XML external entity vulnerability
Severity: Moderate
Affected Packages: 1
Fixed Packages: 1
CVEs: 1
Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
This allows attackers with Item/Build permission to have Jenkins parse a crafted HTTP request with XML data that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
External Monitor Job Type Plugin 207.v98a_a_37a_85525 disables external entity resolution for its XML parser.
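
The kind of parser hardening the fix describes, as an added example (not the plugin's code, which this page does not show). It assumes a StAX `XMLInputFactory` parser; the class name, element names and canary file are constructed for illustration, and the check confirms that an external entity is never resolved into the parsed output.

```java
import java.io.StringReader;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.xml.stream.*;

// Assumption: StAX is used for illustration; the page does not name the plugin's parser API.
public class XxeRegressionCheck {
    static final String CANARY = "CANARY-constructed-value";
    // Hardened StAX factory: no DTD processing, no external entity resolution.
    static XMLInputFactory hardened() {
        XMLInputFactory f = XMLInputFactory.newInstance();
        f.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        return f;
    }

    // Parses xml and reports whether the canary text reached the parsed output.
    // A parser that rejects the document outright counts as "not leaked".
    static boolean leaksCanary(XMLInputFactory f, String xml) {
        StringBuilder text = new StringBuilder();
        try {
            XMLStreamReader r = f.createXMLStreamReader(new StringReader(xml));
            while (r.hasNext()) {
                if (r.next() == XMLStreamConstants.CHARACTERS) text.append(r.getText());
            }
            r.close();
        } catch (XMLStreamException rejected) {
            return false;
        }
        return text.toString().contains(CANARY);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a throwaway file stands in for a controller-side secret.
        Path canaryFile = Files.createTempFile("xxe-canary", ".txt");
        Files.writeString(canaryFile, CANARY);
        String xml = "<!DOCTYPE doc [<!ENTITY ext SYSTEM \"" + canaryFile.toUri() + "\">]>"
                   + "<doc><data>&ext;</data></doc>";
        try {
            System.out.println("default factory leaks canary:  "
                    + leaksCanary(XMLInputFactory.newInstance(), xml));
            boolean leaked = leaksCanary(hardened(), xml);
            System.out.println("hardened factory leaks canary: " + leaked);
            if (leaked) throw new AssertionError("external entity was resolved");
        } finally {
            Files.delete(canaryFile);
        }
    }
}
```

The result for the default factory depends on the JDK and StAX implementation in use; the hardened factory must never report a leak, which makes the check usable as a regression test after upgrading.
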
Package | Affected Version |
---|---|
pkg:maven/org.jenkins-ci.plugins/external-monitor-job | < 207.v98a |
Package | Fixed Version |
---|---|
pkg:maven/org.jenkins-ci.plugins/external-monitor-job | = 207.v98a |
- ID: MAVEN:GHSA-G4C3-4F3V-84X8
- Severity: moderate
- URL: https://github.com/advisories/GHSA-g4c3-4f3v-84x8
- Published: 2023-07-12T18:30:38 (14 months ago)
- Modified: 2023-11-07T05:05:00 (10 months ago)
- Rights: Maven Security Team
- Other Advisories
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/org.jenkins-ci.plugins/external-monitor-job | org.jenkins-ci.plugins | external-monitor-job | < 207.v98a | | | |
Fixed | pkg:maven/org.jenkins-ci.plugins/external-monitor-job | org.jenkins-ci.plugins | external-monitor-job | = 207.v98a | | | |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Publication Date | Modification Date |