CVE-2019-10309: Improper Restriction of XML External Entity Reference
(updated )
Jenkins Self-Organizing Swarm Plug-in Modules Plugin clients that use UDP broadcasts to discover Jenkins masters do not prevent XML External Entity processing when processing the responses, allowing unauthorized attackers on the same network to read arbitrary files from Swarm clients.
References
- www.openwall.com/lists/oss-security/2019/04/30/5
- github.com/advisories/GHSA-w898-3ph8-5pgm
- jenkins.io/security/advisory/2019-04-30/
- nvd.nist.gov/vuln/detail/CVE-2019-10309
- web.archive.org/web/20200227073756/http://www.securityfocus.com/bid/108159
- www.talosintelligence.com/vulnerability_reports/TALOS-2019-0783
Detect and mitigate CVE-2019-10309 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →