CVE-2018-1000011 - Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part

CVE-2018-1000011

Summary

Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.

References

https://jenkins.io/security/advisory/2018-01-22/

Vulnerable Configurations

cpe:2.3:a:jenkins:findbugs:1.0:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.0:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.1:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.1:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.2:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.2:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.3:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.3:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.4:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.4:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.5:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.5:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.6:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.6:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.7:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.7:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.8:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.8:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.9:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.9:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.10:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.10:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.11:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.11:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.12:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.12:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.13:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.13:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.14:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.14:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.15:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.15:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.16:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.16:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.17:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.17:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.18:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:1.18:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.0:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.0:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.1:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.1:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.2:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.2:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.3:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.3:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.4:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.4:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.5:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.5:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.6:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.6:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.7:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.7:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.8:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.8:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.9:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.9:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.10:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.10:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.11:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.11:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.12:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.12:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.13:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.13:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.14:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.14:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.15:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.15:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.16:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.16:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.17:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.17:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.18:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.18:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.19:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.19:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.20:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.20:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.21:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.21:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.22:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:2.22:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:3.0:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:3.0:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:3.1:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:3.1:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:3.2:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:3.2:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:3.3:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:3.3:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:3.4:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:3.4:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:3.5:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:3.5:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:3.6:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:3.6:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:3.7:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:3.7:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:3.8:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:3.8:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:3.9:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:3.9:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:3.10:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:3.10:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:3.11:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:3.11:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:3.12:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:3.12:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:3.13:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:3.13:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.0:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.0:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.1:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.1:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.2:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.2:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.3:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.3:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.4:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.4:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.5:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.5:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.6:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.6:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.7:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.7:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.8:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.8:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.9:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.9:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.10:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.10:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.11:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.11:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.12:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.12:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.13:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.13:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.14:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.14:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.15:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.15:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.16:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.16:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.17:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.17:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.18:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.18:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.19:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.19:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.20:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.20:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.21:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.21:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.22:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.22:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.23:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.23:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.24:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.24:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.25:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.25:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.26:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.26:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.27:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.27:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.28:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.28:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.29:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.29:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.30:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.30:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.31:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.31:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.32:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.32:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.33:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.33:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.34:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.34:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.35:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.35:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.36:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.36:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.37:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.37:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.38:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.38:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.39:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.39:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.40:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.40:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.41:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.41:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.42:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.42:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.43:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.43:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.44:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.44:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.45:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.45:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.46:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.46:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.47:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.47:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.48:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.48:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.49:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.49:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.50:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.50:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.51:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.51:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.52:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.52:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.53:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.53:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.58:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.58:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.59:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.59:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.60:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.60:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.61:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.61:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.62:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.62:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.63:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.63:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.64:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.64:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.65:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.65:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.67:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.67:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.68:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.68:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.69:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.69:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.70:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.70:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.71:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:findbugs:4.71:*:*:*:*:jenkins:*:*

CVSS

Base:	6.5 (as of 07-02-2018 - 12:21)
Impact:
Exploitability:

CWE

CWE-611

CAPEC

XML External Entities Blowup
This attack takes advantage of the entity replacement property of XML where the value of the replacement is a URI. A well-crafted XML document could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:P/I:P/A:P

refmap via4

confirm

https://jenkins.io/security/advisory/2018-01-22/

Last major update

07-02-2018 - 12:21

Published

23-01-2018 - 14:29

Last modified

07-02-2018 - 12:21