CVE-2019-10337

Published: 11/06/2019 Updated: 25/10/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin 2.7 and previous versions allowed attackers able to control a the content of the input file for the "XML" macro to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks.

Vulnerable Product	Search on Vulmon	Subscribe to Product
jenkins token macro

Synopsis Moderate: OpenShift Container Platform 311 security update Type/Severity Security Advisory: Moderate Topic An update for atomic-openshift and jenkins-2-plugins is now available forRed Hat OpenShift Container Platform 311Red Hat Product Security has rated this update as having a security impactof ...

Synopsis Important: OpenShift Container Platform 41 jenkins-2-plugins security update Type/Severity Security Advisory: Important Topic An update for jenkins-2-plugins is now available for Red Hat OpenShiftContainer Platform 41Red Hat Product Security has rated this update as having a security impactof Im ...

Impact: Moderate Public Date: 2019-06-11 CWE: CWE-611 Bugzilla: 1719782: CVE-2019-10337 jenkins-plugin- ...

Jenkins is an open source automation server which enables developers around the world to reliably build, test, and deploy their software The following releases contain fixes for security vulnerabilities: * ElectricFlow Plugin 117 * JX Resources Plugin 1037 * Token Macro Plugin 28 Summaries of the vulnerabilities are below More details, sev ...

CWE-611 https://jenkins.io/security/advisory/2019-06-11/#SECURITY-1399 http://www.openwall.com/lists/oss-security/2019/06/11/1 http://www.securityfocus.com/bid/108747 https://access.redhat.com/errata/RHSA-2019:1636 https://access.redhat.com/errata/RHSA-2019:1851 https://access.redhat.com/errata/RHSA-2019:1851 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2019-10337

CVE-2019-10337

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect