Vulnerabilities > CVE-2019-10466 - XXE vulnerability in Jenkins 360 Fireline

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

jenkins

CWE-611

NVD

Published: 2019-10-23

Updated: 2023-10-25

Summary

An XML external entities (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks.

Vulnerable Configurations

Part	Description	Count
Application	Jenkins Jenkins 360 Fireline 1.0 Jenkins 360 Fireline 1.3 Jenkins 360 Fireline 1.4 Jenkins 360 Fireline 1.4.1 Jenkins 360 Fireline 1.4.3 Jenkins 360 Fireline 1.4.4 Jenkins 360 Fireline 1.4.4.2 Jenkins 360 Fireline 1.4.20 Jenkins 360 Fireline 1.4.21 Jenkins 360 Fireline 1.4.22 Jenkins 360 Fireline 1.4.40 Jenkins 360 Fireline 1.4.41 Jenkins 360 Fireline 1.4.42 Jenkins 360 Fireline 1.4.43 Jenkins 360 Fireline 1.4.60 Jenkins 360 Fireline 1.4.61 Jenkins 360 Fireline 1.4.80 Jenkins 360 Fireline 1.4.81 Jenkins 360 Fireline 1.4.82 Jenkins 360 Fireline 1.4.83 Jenkins 360 Fireline 1.4.84 Jenkins 360 Fireline 1.4.90 Jenkins 360 Fireline 1.4.91 Jenkins 360 Fireline 1.5.0 Jenkins 360 Fireline 1.5.1 Jenkins 360 Fireline 1.5.2 Jenkins 360 Fireline 1.5.3 Jenkins 360 Fireline 1.5.4 Jenkins 360 Fireline 1.5.5 Jenkins 360 Fireline 1.5.6 Jenkins 360 Fireline 1.5.7 Jenkins 360 Fireline 1.5.8 Jenkins 360 Fireline 1.5.9 Jenkins 360 Fireline 1.5.10 Jenkins 360 Fireline 1.5.11 Jenkins 360 Fireline 1.5.12 Jenkins 360 Fireline 1.5.13 Jenkins 360 Fireline 1.5.14 Jenkins 360 Fireline 1.5.15 Jenkins 360 Fireline 1.5.16 Jenkins 360 Fireline 1.5.17 Jenkins 360 Fireline 1.5.18 Jenkins 360 Fireline 1.6.2 Jenkins 360 Fireline 1.6.18 Jenkins 360 Fireline 1.7.0 Jenkins 360 Fireline 1.7.2	46

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References