9.8

CVE-2015-8031

Exploit
Hudson (aka org.jvnet.hudson.main:hudson-core) before 3.3.2 allows XXE attacks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
EclipseHudson Version < 3.2.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.29% 0.665
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

https://github.com/advisories/GHSA-j3h2-8mf8-j5r2
Third Party Advisory
Exploit
https://security.snyk.io/vuln/SNYK-JAVA-ORGJVNETHUDSONMAIN-31221
Third Party Advisory
Exploit
https://wiki.eclipse.org/Hudson-ci/alerts/CVE-2015-8031
Vendor Advisory