Vulnerability CVE-2019-10309

Published: 2019-04-30

Description:
Jenkins Self-Organizing Swarm Plug-in Modules Plugin clients that use UDP broadcasts to discover Jenkins masters do not prevent XML External Entity (XXE) processing when parsing the responses, allowing unauthorized attackers on the same network to read arbitrary files from Swarm clients.

Type:
CWE-611 (Information Exposure Through XML External Entity Reference)

CVSS2 => (AV:A/AC:L/Au:N/C:P/I:N/A:P)

CVSS Base Score:          4.8/10
Impact Subscore:          4.9/10
Exploitability Subscore:  6.5/10

Exploit range:            Adjacent network
Attack complexity:        Low
Authentication:           Not required

Confidentiality impact:   Partial
Integrity impact:         None
Availability impact:      Partial

Affected software:
Jenkins -> Self-organizing swarm modules

References:
http://www.openwall.com/lists/oss-security/2019/04/30/5
http://www.securityfocus.com/bid/108159
https://jenkins.io/security/advisory/2019-04-30/#SECURITY-1252
https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0783

Copyright 2020, cxsecurity.com
