ID CVE-2019-10337
Summary An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin 2.7 and earlier allowed attackers able to control a the content of the input file for the "XML" macro to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks.
References
Vulnerable Configurations
  • Jenkins Token Macro 2.7 for Jenkins
    cpe:2.3:a:jenkins:token_macro:2.7:-:-:-:-:jenkins
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-611
CAPEC
Last major update 11-06-2019 - 11:29
Published 11-06-2019 - 10:29
Last modified 13-06-2019 - 09:29
Back to Top