CVE-2015-1809: Improper Restriction of XML External Entity Reference

May 24, 2022 (updated January 30, 2024)

XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query.

References

bugzilla.redhat.com/show_bug.cgi?id=1205625
github.com/advisories/GHSA-qj27-w92h-fc9r
jenkins.io/security/advisory/2015-02-27/
nvd.nist.gov/vuln/detail/CVE-2015-1809

Code Behaviors & Features

Detect and mitigate CVE-2015-1809 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →