Vulnerabilities > CVE-2019-10327 - XXE vulnerability in Jenkins Pipeline Maven Integration
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
HIGH Summary
An XML external entities (XXE) vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and earlier allowed attackers able to control a temporary directory's content on the agent running the Maven build to have Jenkins parse a maliciously crafted XML file that uses external entities for extraction of secrets from the Jenkins master, server-side request forgery, or denial-of-service attacks.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- http://www.openwall.com/lists/oss-security/2019/05/31/2
- http://www.openwall.com/lists/oss-security/2019/05/31/2
- http://www.securityfocus.com/bid/108540
- http://www.securityfocus.com/bid/108540
- https://jenkins.io/security/advisory/2019-05-31/#SECURITY-1409
- https://jenkins.io/security/advisory/2019-05-31/#SECURITY-1409