Lucene search
Alpine Linux Development TeamALPINE:CVE-2023-37942HistoryJul 12, 2023 - 4:15 p.m.
CVE-2023-37942
2023-07-1216:15:13
Alpine Linux Development Team
security.alpinelinux.org
9
jenkins
monitor
xxe
vulnerability
cve-2023-37942
xml
parser
unix
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
21.3%
Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | 3.18-community | noarch | jenkins | = 2.387.3-r0 | UNKNOWN |
| Alpine | 3.19-community | noarch | jenkins | = 2.440.3-r0 | UNKNOWN |
| Alpine | 3.20-community | noarch | jenkins | = 2.440.2-r0 | UNKNOWN |
| Alpine | edge-community | noarch | jenkins | = 2.462.1-r0 | UNKNOWN |
Related
cvelist
cvelist
CVE-2023-37942
2023-07-12 15:52:46
nvd
nvd
CVE-2023-37942
2023-07-12 16:15:13
veracode
veracode
XML External Entity (XXE) Attacks
2023-07-17 09:10:31
cve
cve
CVE-2023-37942
2023-07-12 16:15:13
prion
prion
Xxe
2023-07-12 16:15:00
osv
osv
Jenkins External Monitor Job Type Plugin XML external entity vulnerability
2023-07-12 18:30:38
github
github
Jenkins External Monitor Job Type Plugin XML external entity vulnerability
2023-07-12 18:30:38
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
21.3%
Related for ALPINE:CVE-2023-37942