CVE-2019-10309 - XXE vulnerability in Jenkins Self-Organizing Swarm Modules

CVSS 9.3 - CRITICAL
Attack vector: ADJACENT_NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: HIGH
Tags: low complexity, jenkins, CWE-611, critical

Summary

Jenkins Self-Organizing Swarm Plug-in Modules Plugin clients that use UDP broadcasts to discover Jenkins masters do not prevent XML External Entity processing when processing the responses, allowing unauthorized attackers on the same network to read arbitrary files from Swarm clients.

Vulnerable Configurations

Part | Description | Count
Application | Jenkins | 1

Talos

id: TALOS-2019-0783
last seen: 2019-05-29
published: 2019-05-06
reporter: Talos Intelligence
source: http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0783
title: Jenkins Swarm Plugin XML external entities information disclosure vulnerability