Lucene search

GitHub Advisory DatabaseGHSA-2W2M-CCF8-57CQ

HistoryOct 19, 2022 - 7:00 p.m.

XXE vulnerability in Jenkins REPO Plugin

2022-10-1919:00:18

CWE-611

GitHub Advisory Database

github.com

jenkins

repo plugin

xxe

ssrf

1.15.0

1.16.0

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

52.6%

JSON

REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

This allows attackers able to control which repo binary is executed on agents to have Jenkins parse a crafted XML document that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.

REPO Plugin 1.16.0 disables external entity resolution for its XML parser.

Affected configurations

Vulners

Node

org.jenkinsci.plugins\Matchrepo

CPENameOperatorVersion
org.jenkins-ci.plugins:repolt1.16.0

CPE	Name	Operator	Version
	org.jenkins-ci.plugins:repo	lt	1.16.0

References

www.openwall.com/lists/oss-security/2022/10/19/3

github.com/advisories/GHSA-2w2m-ccf8-57cq

github.com/jenkinsci/repo-plugin/commit/4c4a72c7de3d3e5bbbad223605ea264dcec56bc1

nvd.nist.gov/vuln/detail/CVE-2022-43415

www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2337

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

52.6%

JSON

Related for GHSA-2W2M-CCF8-57CQ