Required CVE Record Information
Description
Jenkins Self-Organizing Swarm Plug-in Modules Plugin clients that use UDP broadcasts to discover Jenkins masters do not prevent XML External Entity processing when processing the responses, allowing unauthorized attackers on the same network to read arbitrary files from Swarm clients.
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 4 Total
- openwall.com: [oss-security] 20190430 Multiple vulnerabilities in Jenkins plugins mailing-listx_transferred
- securityfocus.com: 108159 vdb-entryx_transferred
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0783 x_transferred
- https://jenkins.io/security/advisory/2019-04-30/#SECURITY-1252 x_transferred