CVE-2015-1811

Improper Restriction of XML External Entity Reference in maven/org.jenkins-ci.main/jenkins-core

Identifiers

GHSA-qg7x-4h4q-3m49, CVE-2015-1811

Package Slug

maven/org.jenkins-ci.main/jenkins-core

Vulnerability

Improper Restriction of XML External Entity Reference

Description

XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document.

Affected Versions

All versions before 1.596.1, all versions starting from 1.597 before 1.600

Solution

Upgrade to versions 1.596.1, 1.600 or above.

Last Modified

2024-01-31

source