|Hudson Continuous Integration Server|
|Mailing List • Forums • IRC • mattermost|
|Open • Help Wanted • Bug Day|
| Hudson Security Advisory|
CVE-2015-8031 - Hudson XML External Entity Injection
|Description||Hudson XML API External Entity Injection Vunerability|
|Type||Remote Access Vulnerability|
|Version(s) Affected||All versions prior to 3.3.2|
Prior to version 3.3.2 Hudson exhibits a flaw in it's XML API processing that can allow access to potentially sensitive information on the filesystem of the Hudson master server.
Hudson users should upgrade to Hudson 3.3.2 or above as soon as possible
The Hudson Team would like to thank Luca Carettoni, Fabian Beterke and Tushar Dalvi from LinkedIn for their work in uncovering and reporting this vulnerability.