2 matches found
CVE-2015-1811
Jenkins XXE: XML External Entity handling flaw in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows reading arbitrary XML files via crafted XML documents. Root cause: improper XML processing. Affected products/versions are Jenkins core prior to 1.600 and LTS prior to 1.596.1. Remediati...
CVE-2015-1809
CVE-2015-1809 describes an XML External Entity (XXE) vulnerability in CloudBees Jenkins prior to 1.600 and in LTS releases prior to 1.596.1. The vulnerability arises from Jenkins' XPath/XML handling, allowing a remote attacker with read access to read arbitrary XML files on the Jenkins server. Af...