CVE-2015-1809

Improper Restriction of XML External Entity Reference in maven/org.jenkins-ci.main/jenkins-core

Identifiers

GHSA-qj27-w92h-fc9r, CVE-2015-1809

Package Slug

maven/org.jenkins-ci.main/jenkins-core

Vulnerability

Improper Restriction of XML External Entity Reference

Description

XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query.

Affected Versions

All versions before 1.596.1, all versions starting from 1.597 before 1.600

Solution

Upgrade to versions 1.596.1, 1.600 or above.

Last Modified

2024-01-31

source