CVE-2019-10327
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An XML external entities (XXE) vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and earlier allowed attackers able to control a temporary directory's content on the agent running the Maven build to have Jenkins parse a maliciously crafted XML file that uses external entities for extraction of secrets from the Jenkins master, server-side request forgery, or denial-of-service attacks.
Una vulnerabilidad de las entidades externas XML (XXE) en el Plugin Pipeline Maven Integration de Jenkins versión 1.7.0 y anteriores, permitía a los atacantes calificados para controlar el contenido de un directorio temporal en el agente que ejecuta la compilación de Maven para que Jenkins analice un archivo XML creado maliciosamente que utiliza entidades externas para la extracción de información confidencial del servidor maestro de Jenkins, una falsificación de petición del lado del servidor (SSRF) o ataques de Denegación de Servicio (DoS).
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-03-29 CVE Reserved
- 2019-05-31 CVE Published
- 2024-05-24 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-611: Improper Restriction of XML External Entity Reference
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2019/05/31/2 | Mailing List | |
http://www.securityfocus.com/bid/108540 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://jenkins.io/security/advisory/2019-05-31/#SECURITY-1409 | 2023-10-25 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Jenkins Search vendor "Jenkins" | Pipeline Maven Integration Search vendor "Jenkins" for product "Pipeline Maven Integration" | <= 1.7.0 Search vendor "Jenkins" for product "Pipeline Maven Integration" and version " <= 1.7.0" | jenkins |
Affected
|