Vulnerability CVE-2018-1000008

Vulnerability CVE-2018-1000008

Published: 2018-01-23

Description:

Jenkins PMD Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.

Type:

CWE-611

(Information Exposure Through XML External Entity Reference)

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
6.5/10	6.4/10	8/10

Exploit range	Attack complexity	Authentication
Remote	Low	Single time
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Jenkins -> PMD

References:

http://www.securityfocus.com/bid/102844

https://jenkins.io/security/advisory/2018-01-22/

Copyright 2024, cxsecurity.com