Vulnerabilities > CVE-2023-37942 - XXE vulnerability in Jenkins External Monitor JOB Type

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

jenkins

CWE-611

NVD

Published: 2023-07-12

Updated: 2023-07-20

Summary

Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Vulnerable Configurations

Part	Description	Count
Application	Jenkins Jenkins External Monitor JOB Type 1.0 Jenkins External Monitor JOB Type 1.1 Jenkins External Monitor JOB Type 1.2 Jenkins External Monitor JOB Type 1.3 Jenkins External Monitor JOB Type 1.4 Jenkins External Monitor JOB Type 1.5 Jenkins External Monitor JOB Type 1.6 Jenkins External Monitor JOB Type 1.7 Jenkins External Monitor JOB Type 1.7.1 Jenkins External Monitor JOB Type 189.V849257A_0D3A_C Jenkins External Monitor JOB Type 191.V363D0D1Efdf8 Jenkins External Monitor JOB Type 192.Ve979Ca_8B_3Ccd Jenkins External Monitor JOB Type 203.V683C09D993B_9 Jenkins External Monitor JOB Type 206.V9A_94Ff0B_4A_10	14

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References