CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N

Jenkins is vulnerable to XML external entity (XXE) attacks. An attacker can create malicious XML documents and feed them into Jenkins, which causes Jenkins to retrieve arbitrary XML documents on the server, resulting in the exposure of sensitive information inside or outside Jenkins.
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1062253
bugzilla.redhat.com/show_bug.cgi?id=1128567
bugzilla.redhat.com/show_bug.cgi?id=1130028
bugzilla.redhat.com/show_bug.cgi?id=1138522
bugzilla.redhat.com/show_bug.cgi?id=1152524
bugzilla.redhat.com/show_bug.cgi?id=1160699
bugzilla.redhat.com/show_bug.cgi?id=1171815
bugzilla.redhat.com/show_bug.cgi?id=1191283
bugzilla.redhat.com/show_bug.cgi?id=1197123
bugzilla.redhat.com/show_bug.cgi?id=1197576
bugzilla.redhat.com/show_bug.cgi?id=1205632
bugzilla.redhat.com/show_bug.cgi?id=1216206
bugzilla.redhat.com/show_bug.cgi?id=1217572
bugzilla.redhat.com/show_bug.cgi?id=1221931
bugzilla.redhat.com/show_bug.cgi?id=1225943
bugzilla.redhat.com/show_bug.cgi?id=1226061
bugzilla.redhat.com/show_bug.cgi?id=1227501
bugzilla.redhat.com/show_bug.cgi?id=1228373
bugzilla.redhat.com/show_bug.cgi?id=1229300
bugzilla.redhat.com/show_bug.cgi?id=1232827
bugzilla.redhat.com/show_bug.cgi?id=1232921
bugzilla.redhat.com/show_bug.cgi?id=1241750
bugzilla.redhat.com/show_bug.cgi?id=1257757
bugzilla.redhat.com/show_bug.cgi?id=1264039
bugzilla.redhat.com/show_bug.cgi?id=1264210
bugzilla.redhat.com/show_bug.cgi?id=1264216
jenkins.io/security/advisory/2015-02-27/
rhn.redhat.com/errata/RHSA-2015-1844.html