CVSS3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
AI Score
Confidence: Low
EPSS
Percentile: 16.0%
org.eclipse.jdt and org.eclipse.platform are vulnerable to XML External Entity (XXE) injection. The vulnerability exists because the libraries do not disable access to external entities by default. An attacker can place malicious XML documents in an Eclipse project, which can lead to information disclosure if the attacker tricks a user into opening the project.
bugzilla.suse.com/show_bug.cgi?id=1216992
github.com/advisories/GHSA-cc4w-3cff-j8fw
github.com/eclipse-cdt/cdt/commit/c7169b3186d2fef20f97467c3e2ad78e2943ed1b
github.com/eclipse-emf/org.eclipse.emf/issues/10
github.com/eclipse-jdt/eclipse.jdt.core/commit/38dd2a878f45cdb3d8d52090f1d6d1b532fd4c4d
github.com/eclipse-jdt/eclipse.jdt.ui/commit/13675b1f8a74f47de4da89ed0ded6af7c21dfbec
github.com/eclipse-pde/eclipse.pde/pull/632/
github.com/eclipse-pde/eclipse.pde/pull/667/
github.com/eclipse-platform/eclipse.platform.releng.buildtools/pull/45
github.com/eclipse-platform/eclipse.platform.swt/commit/bf71db5ddcb967c0863dad4745367b54f49e06ba
github.com/eclipse-platform/eclipse.platform.ui/commit/f243cf0a28785b89b7c50bf4e1cce48a917d89bd
github.com/eclipse-platform/eclipse.platform/pull/761
gitlab.eclipse.org/security/vulnerability-reports/-/issues/8