Description
Jenkins Android Lint Plugin 2.5 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2022-2243 | Jenkins Android Lint Plugin 2.5 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. |
 Github GHSA |
GHSA-3vcx-w94h-68vg | XXE vulnerability in Jenkins Android Lint Plugin |
References
| Link | Providers |
|---|---|
| https://jenkins.io/security/advisory/2018-02-05/ |
|
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-05T12:33:48.847Z
Reserved: 2018-02-05T00:00:00.000Z
Link: CVE-2018-1000055
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-02-09T23:29:01.980
Modified: 2024-11-21T03:39:32.463
Link: CVE-2018-1000055
Redhat
No data.
OpenCVE Enrichment
No data.