// For flags

CVE-2019-10327

 

Severity Score

8.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An XML external entities (XXE) vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and earlier allowed attackers able to control a temporary directory's content on the agent running the Maven build to have Jenkins parse a maliciously crafted XML file that uses external entities for extraction of secrets from the Jenkins master, server-side request forgery, or denial-of-service attacks.

Una vulnerabilidad de las entidades externas XML (XXE) en el Plugin Pipeline Maven Integration de Jenkins versión 1.7.0 y anteriores, permitía a los atacantes calificados para controlar el contenido de un directorio temporal en el agente que ejecuta la compilación de Maven para que Jenkins analice un archivo XML creado maliciosamente que utiliza entidades externas para la extracción de información confidencial del servidor maestro de Jenkins, una falsificación de petición del lado del servidor (SSRF) o ataques de Denegación de Servicio (DoS).

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-03-29 CVE Reserved
  • 2019-05-31 CVE Published
  • 2024-05-24 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-611: Improper Restriction of XML External Entity Reference
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Jenkins
Search vendor "Jenkins"
Pipeline Maven Integration
Search vendor "Jenkins" for product "Pipeline Maven Integration"
<= 1.7.0
Search vendor "Jenkins" for product "Pipeline Maven Integration" and version " <= 1.7.0"
jenkins
Affected