Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Hudson-ci/alerts/CVE-2015-8031
| Hudson Continuous Integration Server | |
| Website | |
| Download | |
| Community | |
| Mailing List • Forums • IRC • mattermost | |
| Issues | |
| Open • Help Wanted • Bug Day | |
| Contribute | |
| Browse Source |
|
Hudson Security Advisory CVE-2015-8031 |
|---|
CVE-2015-8031 - Hudson XML External Entity Injection
| CVE | CVE-2015-8031 |
|---|---|
| Description | Hudson XML API External Entity Injection Vunerability |
| Severity | Critical |
| Type | Remote Access Vulnerability |
| Version(s) Affected | All versions prior to 3.3.2 |
| Bugzilla Ref | 479777 |
Description
Prior to version 3.3.2 Hudson exhibits a flaw in it's XML API processing that can allow access to potentially sensitive information on the filesystem of the Hudson master server.
Fix
Hudson users should upgrade to Hudson 3.3.2 or above as soon as possible
Credits
The Hudson Team would like to thank Luca Carettoni, Fabian Beterke and Tushar Dalvi from LinkedIn for their work in uncovering and reporting this vulnerability.