Vulnerabilities > CVE-2019-10309 - XXE vulnerability in Jenkins Self-Organizing Swarm Modules

CVSS 9.3 - CRITICAL

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

HIGH

low complexity

jenkins

CWE-611

critical

NVD

Published: 2019-04-30

Updated: 2023-10-25

Summary

Jenkins Self-Organizing Swarm Plug-in Modules Plugin clients that use UDP broadcasts to discover Jenkins masters do not prevent XML External Entity processing when processing the responses, allowing unauthorized attackers on the same network to read arbitrary files from Swarm clients.

Vulnerable Configurations

Part	Description	Count
Application	Jenkins Jenkins Self Organizing Swarm Modules -	1

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Talos

id	TALOS-2019-0783
last seen	2019-05-29
published	2019-05-06
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0783
title	Jenkins Swarm Plugin XML external entities information disclosure vulnerability

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Talos

References