Moderate severity · NVD Advisory · Published Apr 30, 2019 · Updated Aug 4, 2024
CVE-2019-10309
Description
Jenkins Self-Organizing Swarm Plug-in Modules Plugin clients that use UDP broadcasts to discover Jenkins masters do not prevent XML External Entity processing when processing the responses, allowing unauthorized attackers on the same network to read arbitrary files from Swarm clients.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.jenkins-ci.plugins:swarm (Maven) | <= 3.15 | — |
Affected products
- Range: 3.15 and earlier
References
- github.com/advisories/GHSA-w898-3ph8-5pgm
- nvd.nist.gov/vuln/detail/CVE-2019-10309
- www.openwall.com/lists/oss-security/2019/04/30/5
- www.securityfocus.com/bid/108159
- jenkins.io/security/advisory/2019-04-30/
- web.archive.org/web/20200227073756/http://www.securityfocus.com/bid/108159
- www.talosintelligence.com/vulnerability_reports/TALOS-2019-0783