PT-2015-6852 · Cloudbees+1 · Jenkins
James Nord
·
Publicado
2015-11-25
·
Atualizado
2022-05-13
·
CVE-2015-5319
CVSS v4.0
6.9
Média
| Vetor | AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Jenkins versions prior to 1.638
Jenkins LTS versions prior to 1.625.2
Description
A vulnerability exists in the create-job CLI command, allowing remote attackers to read arbitrary files via a crafted job configuration. This can be exploited when the configuration is used in an "XML-aware tool," such as get-job and update-job.
Recommendations
For Jenkins versions prior to 1.638, update to version 1.638 or later.
For Jenkins LTS versions prior to 1.625.2, update to version 1.625.2 or later.
Correção
XXE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Jenkins