Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "Hudson-ci/alerts/CVE-2015-8031"
| Line 1: | Line 1: | ||
| − | {{Hudson | pageTitle = Hudson Security Advisory CVE-2015-8031}} | + | {{Hudson | pageTitle = Hudson Security Advisory<br/> CVE-2015-8031}} |
==CVE-2015-8031 - Hudson XML External Entity Injection== | ==CVE-2015-8031 - Hudson XML External Entity Injection== | ||
| Line 25: | Line 25: | ||
Prior to version 3.3.2 Hudson exhibits a flaw in it's XML API processing that can allow access to potentially sensitive information on the filesystem of the Hudson master server. | Prior to version 3.3.2 Hudson exhibits a flaw in it's XML API processing that can allow access to potentially sensitive information on the filesystem of the Hudson master server. | ||
| − | === | + | ===Fix=== |
Hudson users should upgrade to Hudson 3.3.2 or above as soon as possible | Hudson users should upgrade to Hudson 3.3.2 or above as soon as possible | ||
===Credits=== | ===Credits=== | ||
The Hudson Team would like to thank Luca Carettoni, Fabian Beterke and Tushar Dalvi from LinkedIn for their work in uncovering and reporting this vulnerability. | The Hudson Team would like to thank Luca Carettoni, Fabian Beterke and Tushar Dalvi from LinkedIn for their work in uncovering and reporting this vulnerability. | ||
Revision as of 07:35, 3 November 2015
| Hudson Continuous Integration Server | |
| Website | |
| Download | |
| Community | |
| Mailing List • Forums • IRC • mattermost | |
| Issues | |
| Open • Help Wanted • Bug Day | |
| Contribute | |
| Browse Source |
|
Hudson Security Advisory CVE-2015-8031 |
|---|
CVE-2015-8031 - Hudson XML External Entity Injection
| CVE | CVE-2015-8031 |
|---|---|
| Description | Hudson XML API External Entity Injection Vunerability |
| Severity | Critical |
| Type | Remote Access Vulnerability |
| Version(s) Affected | All versions prior to 3.3.2 |
| Bugzilla Ref | 47977 |
Description
Prior to version 3.3.2 Hudson exhibits a flaw in it's XML API processing that can allow access to potentially sensitive information on the filesystem of the Hudson master server.
Fix
Hudson users should upgrade to Hudson 3.3.2 or above as soon as possible
Credits
The Hudson Team would like to thank Luca Carettoni, Fabian Beterke and Tushar Dalvi from LinkedIn for their work in uncovering and reporting this vulnerability.