← Back

CVE-2019-10337

nvd nist
Published: Jun 11, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin 2.7 and earlier allowed attackers able to control a the content of the input file for the "XML" macro to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks.

Affected (1)

Products: Jenkins: Token Macro
Jenkins
1 product
Token Macro
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Token Macro
Up to 2.7

Related CWEs

CWE-611
Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (10)

Source: jenkinsci-cert@googlegroups.com
Mailing ListThird Party Advisory
Source: jenkinsci-cert@googlegroups.com
Source: jenkinsci-cert@googlegroups.com
Source: jenkinsci-cert@googlegroups.com
Source: jenkinsci-cert@googlegroups.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.