GHSA-pr9h-g7p7-rrqh

Source

https://github.com/advisories/GHSA-pr9h-g7p7-rrqh

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pr9h-g7p7-rrqh/GHSA-pr9h-g7p7-rrqh.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-pr9h-g7p7-rrqh

Aliases

CVE-2018-1000011

Published

2022-05-14T03:46:08Z

Modified

2024-02-18T05:24:10.424494Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

XML External Entity Reference in Jenkins FindBugs Plugin

Details

Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.

Database specific

{
    "nvd_published_at": "2018-01-23T14:29:00Z",
    "cwe_ids": [
        "CWE-611"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-03T19:13:08Z"
}

References

Affected packages

Maven / org.jvnet.hudson.plugins.findbugs:library

Package

Name: org.jvnet.hudson.plugins.findbugs:library; View open source insights on deps.dev
Purl: pkg:maven/org.jvnet.hudson.plugins.findbugs/library

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

4.7.1

Affected versions

1.*

1.3.9

1.3.10-hudson3

2.*

2.0.0

2.0.0-hudson3

2.0.0-hudson3a

2.0.1

2.0.4

2.0.5

2.0.6

2.1.0

3.*

3.0.2

3.0.3

3.0.4

4.*

4.0.0