XXE Vulnerability in Jenkins External Monitor Job Type Plugin
CVE-2023-37942

6.5MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins External Monitor Job Type Plugin
Vendor: CVE Published:; 12 July 2023

What is CVE-2023-37942?

The External Monitor Job Type Plugin for Jenkins prior to version 206.v9a_94ff0b_4a_10 is susceptible to XML External Entity (XXE) attacks due to improper XML parser configuration. This oversight allows attackers to manipulate XML data and potentially exploit sensitive information, posing risks to data integrity and confidentiality within Jenkins environments.

Affected Version(s)

Jenkins External Monitor Job Type Plugin 0 <= 206.v9a_94ff0b_4a_10

References

https://www.jenkins.io/security/advisory/2023-07-12/#SECU...

vendor-advisory

http://www.openwall.com/lists/oss-security/2023/07/12/2

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 12, 2023
Vulnerability Reserved
Jul 11, 2023