CVE-2019-1003015

Summary

An XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers with the ability to control the HTTP server (Jenkins) queried in preparation of job import to read arbitrary files, perform a denial of service attack, etc.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Job Import Plugin2.1 and earlieraffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References