CVE-2018-1000012 - Jenkins Warnings Plugin 4.64 and earlier processes XML external entities in files it parses as part

CVE-2018-1000012

Summary

Jenkins Warnings Plugin 4.64 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.

References

https://jenkins.io/security/advisory/2018-01-22/

Vulnerable Configurations

cpe:2.3:a:jenkins:warnings:1.0:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.0:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.1:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.1:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.2:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.2:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.3:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.3:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.4:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.4:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.5:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.5:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.6:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.6:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.7:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.7:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.8:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.8:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.9:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.9:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.10:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.10:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.11:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.11:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.12:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.12:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.13:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.13:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.14:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.14:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.15:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.15:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.16:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.16:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.17:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.17:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.18:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.18:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.19:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.19:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.20:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.20:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.21:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.21:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.22:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.22:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.23:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.23:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.24:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.24:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.25:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.25:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.26:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.26:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.27:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.27:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.28:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.28:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.29:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:1.29:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:2.0:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:2.0:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:2.1:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:2.1:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:2.2:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:2.2:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:2.3:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:2.3:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:2.4:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:2.4:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:2.5:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:2.5:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:2.6:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:2.6:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:2.7:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:2.7:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:2.8:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:2.8:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:2.9:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:2.9:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:2.10:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:2.10:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:2.11:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:2.11:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:2.12:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:2.12:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:2.13:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:2.13:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:2.14:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:2.14:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.0:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.0:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.1:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.1:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.2:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.2:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.3:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.3:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.4:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.4:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.5:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.5:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.6:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.6:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.7:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.7:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.8:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.8:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.9:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.9:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.10:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.10:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.11:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.11:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.12:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.12:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.13:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.13:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.14:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.14:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.15:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.15:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.16:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.16:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.17:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.17:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.18:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.18:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.19:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.19:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.20:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.20:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.21:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.21:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.22:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.22:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.23:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.23:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.24:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.24:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.25:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.25:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.26:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.26:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.27:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.27:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.28:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:3.28:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.0:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.0:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.1:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.1:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.2:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.2:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.3:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.3:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.4:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.4:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.5:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.5:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.6:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.6:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.7:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.7:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.8:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.8:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.9:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.9:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.10:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.10:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.11:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.11:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.12:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.12:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.13:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.13:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.14:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.14:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.15:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.15:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.16:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.16:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.17:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.17:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.18:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.18:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.19:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.19:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.20:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.20:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.21:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.21:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.22:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.22:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.23:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.23:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.24:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.24:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.25:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.25:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.26:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.26:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.27:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.27:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.28:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.28:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.29:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.29:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.30:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.30:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.31:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.31:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.32:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.32:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.33:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.33:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.34:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.34:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.35:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.35:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.36:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.36:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.37:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.37:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.38:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.38:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.39:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.39:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.40:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.40:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.41:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.41:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.42:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.42:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.43:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.43:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.44:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.44:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.45:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.45:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.46:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.46:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.47:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.47:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.48:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.48:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.49:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.49:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.50:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.50:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.51:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.51:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.52:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.52:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.53:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.53:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.54:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.54:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.55:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.55:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.56:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.56:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.57:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.57:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.58:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.58:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.59:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.59:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.60:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.60:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.61:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.61:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.62:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.62:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.63:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.63:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.64:*:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:warnings:4.64:*:*:*:*:jenkins:*:*

CVSS

Base:	6.5 (as of 07-02-2018 - 12:21)
Impact:
Exploitability:

CWE

CWE-611

CAPEC

XML External Entities Blowup
This attack takes advantage of the entity replacement property of XML where the value of the replacement is a URI. A well-crafted XML document could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:P/I:P/A:P

refmap via4

confirm

https://jenkins.io/security/advisory/2018-01-22/

Last major update

07-02-2018 - 12:21

Published

23-01-2018 - 14:29

Last modified

07-02-2018 - 12:21