CVE-2019-10309

Published: Apr 30, 2019Modified: Nov 21, 2024

9.3

Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H

Exploitability: 2.8 / Impact: 5.8

Source: NVD

Description

Jenkins Self-Organizing Swarm Plug-in Modules Plugin clients that use UDP broadcasts to discover Jenkins masters do not prevent XML External Entity processing when processing the responses, allowing unauthorized attackers on the same network to read arbitrary files from Swarm clients.

Affected (1)

Products: Jenkins: Self Organizing Swarm Modules

1 product

Self Organizing Swarm Modules

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jenkins Self Organizing Swarm Modules	All versions

Related CWEs

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (8)

http://www.openwall.com/lists/oss-security/2019/04/30/5

Source: jenkinsci-cert@googlegroups.com

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/108159

Source: jenkinsci-cert@googlegroups.com

https://jenkins.io/security/advisory/2019-04-30/#SECURITY-1252

Source: jenkinsci-cert@googlegroups.com

Vendor Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0783

Source: jenkinsci-cert@googlegroups.com

http://www.openwall.com/lists/oss-security/2019/04/30/5

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/108159

Source: af854a3a-2127-422b-91ae-364da2661108

https://jenkins.io/security/advisory/2019-04-30/#SECURITY-1252

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0783

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.