GHSA-x3m3-g8w6-mf28

Suggest an improvement
Source
https://github.com/advisories/GHSA-x3m3-g8w6-mf28
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-x3m3-g8w6-mf28/GHSA-x3m3-g8w6-mf28.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-x3m3-g8w6-mf28
Aliases
Published
2022-03-16T00:00:45Z
Modified
2023-11-01T04:58:29.385357Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVSS Calculator
Summary
Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin
Details

Jenkins Semantic Versioning Plugin defines a controller/agent message that processes a given file as XML and returns version information. The XML parser is not configured to prevent XML external entity (XXE) attacks, which is only a problem if XML documents are parsed on the Jenkins controller.

Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of a controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.

This vulnerability is only exploitable in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. See the LTS upgrade guide.

Database specific
{
    "nvd_published_at": "2022-03-15T17:15:00Z",
    "github_reviewed_at": "2022-11-30T20:27:14Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-611",
        "CWE-918"
    ]
}
References

Affected packages

Maven / org.jenkins-ci.plugins:semantic-versioning-plugin

Package

Name
org.jenkins-ci.plugins:semantic-versioning-plugin
View open source insights on deps.dev
Purl
pkg:maven/org.jenkins-ci.plugins/semantic-versioning-plugin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.14