Hudson Security Advisory CVE-2015-8031 |
---|
CVE-2015-8031 - Hudson XML External Entity Injection
CVE | CVE-2015-8031 |
---|---|
Description | Hudson XML API External Entity Injection Vulnerability |
Severity | Critical |
Type | Remote Access Vulnerability |
Version(s) Affected | All versions prior to 3.3.2 |
Bugzilla Ref | 479777 |
Description
Prior to version 3.3.2, Hudson exhibits a flaw in its XML API processing that can allow access to potentially sensitive information on the filesystem of the Hudson master server.
Fix
Hudson users should upgrade to Hudson 3.3.2 or above as soon as possible.
Credits
The Hudson Team would like to thank Luca Carettoni, Fabian Beterke and Tushar Dalvi from LinkedIn for their work in uncovering and reporting this vulnerability.