3 matches found
Jenkins Swarm Plugin XML External Entity Injection (CVE-2019-10309)
An information disclosure vulnerability exists in Jenkins Swarm Plugin. Successful exploitation of this vulnerability could lead to the disclosure of arbitrary files from the client...
CVE-2019-10309
The CVE-2019-10309 entry concerns the Jenkins Swarm Plugin (Swarm Client) where UDP-based master discovery responses are XML documents that are parsed without proper XXE protection. This XXE flaw could allow an unauthenticated attacker on the same network to read arbitrary files from Swarm client...
CVE-2019-10309
Jenkins Self-Organizing Swarm Plug-in Modules Plugin clients that use UDP broadcasts to discover Jenkins masters do not prevent XML External Entity processing when processing the responses, allowing unauthorized attackers on the same network to read arbitrary files from Swarm clients...