CVE-2015-5319

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
25/11/2015
Last modified:
12/04/2025

Description

XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:* 3.1 (including)
cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:* 1.625.1 (including)
cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:* 1.637 (including)