Lucene search
JenkinsCVE-2023-37942HistoryJul 12, 2023 - 4:15 p.m.
CVE-2023-37942
2023-07-1216:15:13
CWE-611
jenkins
web.nvd.nist.gov
25
cve-2023-37942
jenkins
external monitor job
plugin
xml parser
vulnerability
nvd
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
21.3%
Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Affected configurations
Node
jenkinsexternal_monitor_job_typeRange≤206.v9a_94ff0b_4a_10jenkins
| Vendor | Product | Version | CPE |
|---|---|---|---|
| jenkins | external_monitor_job_type | * | cpe:2.3:a:jenkins:external_monitor_job_type:*:*:*:*:*:jenkins:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Jenkins External Monitor Job Type Plugin",
"vendor": "Jenkins Project",
"versions": [
{
"lessThanOrEqual": "206.v9a_94ff0b_4a_10",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
]Related
cvelist
cvelist
CVE-2023-37942
2023-07-12 15:52:46
nvd
nvd
CVE-2023-37942
2023-07-12 16:15:13
alpinelinux
alpinelinux
CVE-2023-37942
2023-07-12 16:15:13
veracode
veracode
XML External Entity (XXE) Attacks
2023-07-17 09:10:31
prion
prion
Xxe
2023-07-12 16:15:00
osv
osv
Jenkins External Monitor Job Type Plugin XML external entity vulnerability
2023-07-12 18:30:38
github
github
Jenkins External Monitor Job Type Plugin XML external entity vulnerability
2023-07-12 18:30:38
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
21.3%
Related for CVE-2023-37942