Server side request forgery (ssrf)

2018-02-0923:29:00

PRIOn knowledge base

www.prio-n.com

8.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.8%

JSON

Jenkins CCM Plugin 3.1 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.