CVE-2023-4218

Summary

In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).

Affected Software

VendorProductVersion RangeStatus
Eclipse FoundationEclipse IDE0 < 4.29affected
Eclipse FoundationEclipse IDE0 < 2023-09affected
Eclipse Foundationorg.eclipse.core.runtime0 < 3.29.0affected
Eclipse Foundationorg.eclipse.pde0 <= 3.13.2400affected

Weaknesses

  • CWE-611: CWE-611 Improper Restriction of XML External Entity Reference

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References