Hudson-ci/alerts/CVE-2015-8031

Hudson Continuous Integration Server
Hudson Security Advisory
CVE-2015-8031

CVE-2015-8031 - Hudson XML External Entity Injection

CVE: CVE-2015-8031
Description: Hudson XML API External Entity Injection Vulnerability
Severity: Critical
Type: Remote Access Vulnerability
Version(s) Affected: All versions prior to 3.3.2
Bugzilla Ref: 479777

Description

Prior to version 3.3.2, Hudson exhibits a flaw in its XML API processing that can allow access to potentially sensitive information on the filesystem of the Hudson master server.

Fix

Hudson users should upgrade to Hudson 3.3.2 or above as soon as possible.

Credits

The Hudson Team would like to thank Luca Carettoni, Fabian Beterke and Tushar Dalvi from LinkedIn for their work in uncovering and reporting this vulnerability.