CVE-2018-1000011

Severity CVSS v4.0:
Pending analysis
Type:
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
Publication date:
23/01/2018
Last modified:
07/02/2018

Description

Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or mount denial-of-service attacks.

Vulnerable products and versions

CPE | From | Up to
cpe:2.3:a:jenkins:findbugs:*:*:*:*:*:jenkins:*:* | | 4.71 (including)


References to Advisories, Solutions, and Tools