CVE-2015-1809

XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
redhatCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
Affected Products (NVD)
VendorProductVersion
jenkinscloudbees
𝑥
< 1.596.1
jenkinscloudbees
𝑥
< 1.600
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
cloudbeesjenkins
𝑥
< 1.600
CNA
cloudbeesjenkins
𝑥
< 1.596.1
CNA
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jenkins
lucid
dne
precise
ignored
trusty
dne
utopic
dne
vivid
dne
wily
dne
xenial
dne
yakkety
dne
zesty
dne
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=1205625
https://jenkins.io/security/advisory/2015-02-27/
https://bugzilla.redhat.com/show_bug.cgi?id=1205625
https://jenkins.io/security/advisory/2015-02-27/