CVE-2015-1811: Improper Restriction of XML External Entity Reference

May 24, 2022 (updated January 30, 2024)

XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document.

References

bugzilla.redhat.com/show_bug.cgi?id=1205632
github.com/advisories/GHSA-qg7x-4h4q-3m49
jenkins.io/security/advisory/2015-02-27/
nvd.nist.gov/vuln/detail/CVE-2015-1811

Detect and mitigate CVE-2015-1811 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →