CVE-2019-16549 - XXE vulnerability in Jenkins Maven 0.14.0/0.16.1

CVSS 8.1 - HIGH
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
CWE-611

Summary

Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle attackers to have Jenkins parse crafted XML documents.

Vulnerable Configurations

Part         Description  Count
Application  Jenkins      2