Lucene search

Veracode Vulnerability DatabaseVERACODE:16489

HistoryMay 02, 2019 - 5:18 a.m.

XML External Entity (XXE)

2019-05-0205:18:35

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

jenkins is vulnerable to XML external entity attacks (XXE). An attacker is able to create malicious XML documents and feed that into Jenkins, which causes Jenkins to retrieve arbitrary XML document on the server, resulting in the exposure of sensitive information inside/outside Jenkins.

CPENameOperatorVersion
openshift-origin-logshiftereq1.8.2.1__1.el6op
openshift-origin-logshiftereq1.8.1.0__1.el6op
openshift-origin-logshiftereq1.5.2.1__1.el6op
openshift-origin-logshiftereq1.9.1.1__1.el6op
openshift-origin-logshiftereq1.5.2__1.el6op
openshift-origin-node-utileq1.0.5__1.el6op
openshift-origin-node-utileq1.22.9.1__1.el6op
openshift-origin-node-utileq1.0.8__1.el6op
openshift-origin-node-utileq1.34.0.1__1.el6op
openshift-origin-node-utileq1.17.4__2.el6op

Name	Operator	Version
openshift-origin-logshifter	eq	1.8.2.1__1.el6op
openshift-origin-logshifter	eq	1.8.1.0__1.el6op
openshift-origin-logshifter	eq	1.5.2.1__1.el6op
openshift-origin-logshifter	eq	1.9.1.1__1.el6op
openshift-origin-logshifter	eq	1.5.2__1.el6op
openshift-origin-node-util	eq	1.0.5__1.el6op
openshift-origin-node-util	eq	1.22.9.1__1.el6op
openshift-origin-node-util	eq	1.0.8__1.el6op
openshift-origin-node-util	eq	1.34.0.1__1.el6op
openshift-origin-node-util	eq	1.17.4__2.el6op

Rows per page:

1-10 of 3441

References

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=1062253

bugzilla.redhat.com/show_bug.cgi?id=1128567

bugzilla.redhat.com/show_bug.cgi?id=1130028

bugzilla.redhat.com/show_bug.cgi?id=1138522

bugzilla.redhat.com/show_bug.cgi?id=1152524

bugzilla.redhat.com/show_bug.cgi?id=1160699

bugzilla.redhat.com/show_bug.cgi?id=1171815

bugzilla.redhat.com/show_bug.cgi?id=1191283

bugzilla.redhat.com/show_bug.cgi?id=1197123

bugzilla.redhat.com/show_bug.cgi?id=1197576

bugzilla.redhat.com/show_bug.cgi?id=1205632

bugzilla.redhat.com/show_bug.cgi?id=1216206

bugzilla.redhat.com/show_bug.cgi?id=1217572

bugzilla.redhat.com/show_bug.cgi?id=1221931

bugzilla.redhat.com/show_bug.cgi?id=1225943

bugzilla.redhat.com/show_bug.cgi?id=1226061

bugzilla.redhat.com/show_bug.cgi?id=1227501

bugzilla.redhat.com/show_bug.cgi?id=1228373

bugzilla.redhat.com/show_bug.cgi?id=1229300

bugzilla.redhat.com/show_bug.cgi?id=1232827

bugzilla.redhat.com/show_bug.cgi?id=1232921

bugzilla.redhat.com/show_bug.cgi?id=1241750

bugzilla.redhat.com/show_bug.cgi?id=1257757

bugzilla.redhat.com/show_bug.cgi?id=1264039

bugzilla.redhat.com/show_bug.cgi?id=1264210

bugzilla.redhat.com/show_bug.cgi?id=1264216

jenkins.io/security/advisory/2015-02-27/

rhn.redhat.com/errata/RHSA-2015-1844.html

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

Related for VERACODE:16489