CVE-2015-1811 - Vulnerability Details

Vendors	Products
Jenkins	Cloudbees
Redhat	Openshift

Package	CPE	Advisory	Released Date
Red Hat OpenShift Enterprise 2.2
jenkins-0:1.609.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHSA-2015:1844	2015-09-30T00:00:00Z
openshift-origin-broker-0:1.16.2.10-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHSA-2015:1844	2015-09-30T00:00:00Z
openshift-origin-broker-util-0:1.36.2.2-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHSA-2015:1844	2015-09-30T00:00:00Z
openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHSA-2015:1844	2015-09-30T00:00:00Z
openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHSA-2015:1844	2015-09-30T00:00:00Z
openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHSA-2015:1844	2015-09-30T00:00:00Z
openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHSA-2015:1844	2015-09-30T00:00:00Z
openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHSA-2015:1844	2015-09-30T00:00:00Z
openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHSA-2015:1844	2015-09-30T00:00:00Z
openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHSA-2015:1844	2015-09-30T00:00:00Z
openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHSA-2015:1844	2015-09-30T00:00:00Z
openshift-origin-cartridge-php-0:1.34.1.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHSA-2015:1844	2015-09-30T00:00:00Z
openshift-origin-cartridge-python-0:1.33.3.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHSA-2015:1844	2015-09-30T00:00:00Z
openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHSA-2015:1844	2015-09-30T00:00:00Z
openshift-origin-logshifter-0:1.10.1.2-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHSA-2015:1844	2015-09-30T00:00:00Z
openshift-origin-node-util-0:1.37.2.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHSA-2015:1844	2015-09-30T00:00:00Z
rhc-0:1.37.1.2-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHSA-2015:1844	2015-09-30T00:00:00Z
rubygem-openshift-origin-console-0:1.35.2.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHSA-2015:1844	2015-09-30T00:00:00Z
rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHSA-2015:1844	2015-09-30T00:00:00Z
rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHSA-2015:1844	2015-09-30T00:00:00Z
rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHSA-2015:1844	2015-09-30T00:00:00Z
rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHSA-2015:1844	2015-09-30T00:00:00Z
rubygem-openshift-origin-node-0:1.37.1.1-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHSA-2015:1844	2015-09-30T00:00:00Z
rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHSA-2015:1844	2015-09-30T00:00:00Z

Link	Providers
https://bugzilla.redhat.com/show_bug.cgi?id=1205632
https://jenkins.io/security/advisory/2015-02-27/
https://nvd.nist.gov/vuln/detail/CVE-2015-1811
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
https://www.cve.org/CVERecord?id=CVE-2015-1811

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Jenkins", "vendor": "CloudBees", "versions": [{"status": "affected", "version": "before 1.600"}]}, {"product": "Jenkins LTS", "vendor": "CloudBees", "versions": [{"status": "affected", "version": "before 1.596.1"}]}], "datePublic": "2015-02-27T00:00:00", "descriptions": [{"lang": "en", "value": "XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document."}], "problemTypes": [{"descriptions": [{"description": "Other", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-15T18:05:34", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205632"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://jenkins.io/security/advisory/2015-02-27/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-1811", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Jenkins", "version": {"version_data": [{"version_value": "before 1.600"}]}}, {"product_name": "Jenkins LTS", "version": {"version_data": [{"version_value": "before 1.596.1"}]}}]}, "vendor_name": "CloudBees"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Other"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1205632", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205632"}, {"name": "https://jenkins.io/security/advisory/2015-02-27/", "refsource": "CONFIRM", "url": "https://jenkins.io/security/advisory/2015-02-27/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:54:16.333Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205632"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://jenkins.io/security/advisory/2015-02-27/"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-1811", "datePublished": "2020-01-15T18:05:34", "dateReserved": "2015-02-17T00:00:00", "dateUpdated": "2024-08-06T04:54:16.333Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Jenkins (string)

vendor : CloudBees (string)

versions : [ »

0 : { »

status : affected (string)

version : before 1.600 (string)

}

]

}

1 : { »

product : Jenkins LTS (string)

vendor : CloudBees (string)

versions : [ »

0 : { »

status : affected (string)

version : before 1.596.1 (string)

}

]

}

]

datePublic : 2015-02-27T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Other (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-01-15T18:05:34 (string)

orgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

shortName : redhat (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1205632 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://jenkins.io/security/advisory/2015-02-27/ (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : secalert@redhat.com (string)

ID : CVE-2015-1811 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Jenkins (string)

version : { »

version_data : [ »

0 : { »

version_value : before 1.600 (string)

}

]

}

1 : { »

product_name : Jenkins LTS (string)

version : { »

version_data : [ »

0 : { »

version_value : before 1.596.1 (string)

}

]

}

]

}

vendor_name : CloudBees (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Other (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://bugzilla.redhat.com/show_bug.cgi?id=1205632 (string)

refsource : MISC (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1205632 (string)

}

1 : { »

name : https://jenkins.io/security/advisory/2015-02-27/ (string)

refsource : CONFIRM (string)

url : https://jenkins.io/security/advisory/2015-02-27/ (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T04:54:16.333Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1205632 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://jenkins.io/security/advisory/2015-02-27/ (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

assignerShortName : redhat (string)

cveId : CVE-2015-1811 (string)

datePublished : 2020-01-15T18:05:34 (string)

dateReserved : 2015-02-17T00:00:00 (string)

dateUpdated : 2024-08-06T04:54:16.333Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:cloudbees:*:*:*:*:lts:jenkins:*:*", "matchCriteriaId": "C84374AF-1A74-442D-B5DB-AF0A9AC70F85", "versionEndExcluding": "1.596.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:cloudbees:*:*:*:*:*:jenkins:*:*", "matchCriteriaId": "000A7DB6-8E3A-4936-A2F2-DFC6A7B5E07E", "versionEndExcluding": "1.600", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document."}, {"lang": "es", "value": "Una vulnerabilidad de tipo XML external entity (XXE) en CloudBees Jenkins versiones anteriores a 1.600 y LTS versiones anteriores a 1.596.1, permite a atacantes remotos leer archivos XML arbitrarios por medio de un documento XML dise\u00f1ado."}], "id": "CVE-2015-1811", "lastModified": "2024-11-21T02:26:11.690", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-15T19:15:12.517", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205632"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://jenkins.io/security/advisory/2015-02-27/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205632"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://jenkins.io/security/advisory/2015-02-27/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:jenkins:cloudbees:*:*:*:*:lts:jenkins:*:* (string)

matchCriteriaId : C84374AF-1A74-442D-B5DB-AF0A9AC70F85 (string)

versionEndExcluding : 1.596.1 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:jenkins:cloudbees:*:*:*:*:*:jenkins:*:* (string)

matchCriteriaId : 000A7DB6-8E3A-4936-A2F2-DFC6A7B5E07E (string)

versionEndExcluding : 1.600 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document. (string)

}

1 : { »

lang : es (string)

value : Una vulnerabilidad de tipo XML external entity (XXE) en CloudBees Jenkins versiones anteriores a 1.600 y LTS versiones anteriores a 1.596.1, permite a atacantes remotos leer archivos XML arbitrarios por medio de un documento XML diseñado. (string)

}

]

id : CVE-2015-1811 (string)

lastModified : 2024-11-21T02:26:11.690 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2020-01-15T19:15:12.517 (string)

references : [ »

0 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Issue Tracking (string)

1 : Third Party Advisory (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1205632 (string)

}

1 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://jenkins.io/security/advisory/2015-02-27/ (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

1 : Third Party Advisory (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1205632 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://jenkins.io/security/advisory/2015-02-27/ (string)

}

]

sourceIdentifier : secalert@redhat.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-611 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2015:1844", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "jenkins-0:1.609.1-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2015-09-30T00:00:00Z"}, {"advisory": "RHSA-2015:1844", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-broker-0:1.16.2.10-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2015-09-30T00:00:00Z"}, {"advisory": "RHSA-2015:1844", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-broker-util-0:1.36.2.2-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2015-09-30T00:00:00Z"}, {"advisory": "RHSA-2015:1844", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2015-09-30T00:00:00Z"}, {"advisory": "RHSA-2015:1844", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2015-09-30T00:00:00Z"}, {"advisory": "RHSA-2015:1844", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2015-09-30T00:00:00Z"}, {"advisory": "RHSA-2015:1844", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2015-09-30T00:00:00Z"}, {"advisory": "RHSA-2015:1844", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2015-09-30T00:00:00Z"}, {"advisory": "RHSA-2015:1844", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2015-09-30T00:00:00Z"}, {"advisory": "RHSA-2015:1844", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2015-09-30T00:00:00Z"}, {"advisory": "RHSA-2015:1844", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2015-09-30T00:00:00Z"}, {"advisory": "RHSA-2015:1844", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-cartridge-php-0:1.34.1.1-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2015-09-30T00:00:00Z"}, {"advisory": "RHSA-2015:1844", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-cartridge-python-0:1.33.3.1-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2015-09-30T00:00:00Z"}, {"advisory": "RHSA-2015:1844", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2015-09-30T00:00:00Z"}, {"advisory": "RHSA-2015:1844", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-logshifter-0:1.10.1.2-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2015-09-30T00:00:00Z"}, {"advisory": "RHSA-2015:1844", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-node-util-0:1.37.2.1-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2015-09-30T00:00:00Z"}, {"advisory": "RHSA-2015:1844", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "rhc-0:1.37.1.2-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2015-09-30T00:00:00Z"}, {"advisory": "RHSA-2015:1844", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "rubygem-openshift-origin-console-0:1.35.2.1-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2015-09-30T00:00:00Z"}, {"advisory": "RHSA-2015:1844", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2015-09-30T00:00:00Z"}, {"advisory": "RHSA-2015:1844", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2015-09-30T00:00:00Z"}, {"advisory": "RHSA-2015:1844", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2015-09-30T00:00:00Z"}, {"advisory": "RHSA-2015:1844", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2015-09-30T00:00:00Z"}, {"advisory": "RHSA-2015:1844", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "rubygem-openshift-origin-node-0:1.37.1.1-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2015-09-30T00:00:00Z"}, {"advisory": "RHSA-2015:1844", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2015-09-30T00:00:00Z"}], "bugzilla": {"description": "jenkins: External entity processing in XML can reveal sensitive local files (SECURITY-167)", "id": "1205632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205632"}, "csaw": false, "cvss": {"cvss_base_score": "3.5", "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "status": "verified"}, "cwe": "CWE-611", "details": ["XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document.", "It was found that Jenkins' XML handling allowed XML External Entity (XXE) expansion. A remote attacker with the ability to pass XML data to Jenkins could use this flaw to read arbitrary XML files on the Jenkins server."], "name": "CVE-2015-1811", "public_date": "2015-02-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-1811\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1811\nhttps://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27"], "threat_severity": "Moderate"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2015:1844 (string)

cpe : cpe:/a:redhat:openshift:2.0::el6 (string)

package : jenkins-0:1.609.1-1.el6op (string)

product_name : Red Hat OpenShift Enterprise 2.2 (string)

release_date : 2015-09-30T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2015:1844 (string)

cpe : cpe:/a:redhat:openshift:2.0::el6 (string)

package : openshift-origin-broker-0:1.16.2.10-1.el6op (string)

product_name : Red Hat OpenShift Enterprise 2.2 (string)

release_date : 2015-09-30T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2015:1844 (string)

cpe : cpe:/a:redhat:openshift:2.0::el6 (string)

package : openshift-origin-broker-util-0:1.36.2.2-1.el6op (string)

product_name : Red Hat OpenShift Enterprise 2.2 (string)

release_date : 2015-09-30T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2015:1844 (string)

cpe : cpe:/a:redhat:openshift:2.0::el6 (string)

package : openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op (string)

product_name : Red Hat OpenShift Enterprise 2.2 (string)

release_date : 2015-09-30T00:00:00Z (string)

}

4 : { »

advisory : RHSA-2015:1844 (string)

cpe : cpe:/a:redhat:openshift:2.0::el6 (string)

package : openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op (string)

product_name : Red Hat OpenShift Enterprise 2.2 (string)

release_date : 2015-09-30T00:00:00Z (string)

}

5 : { »

advisory : RHSA-2015:1844 (string)

cpe : cpe:/a:redhat:openshift:2.0::el6 (string)

package : openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op (string)

product_name : Red Hat OpenShift Enterprise 2.2 (string)

release_date : 2015-09-30T00:00:00Z (string)

}

6 : { »

advisory : RHSA-2015:1844 (string)

cpe : cpe:/a:redhat:openshift:2.0::el6 (string)

package : openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op (string)

product_name : Red Hat OpenShift Enterprise 2.2 (string)

release_date : 2015-09-30T00:00:00Z (string)

}

7 : { »

advisory : RHSA-2015:1844 (string)

cpe : cpe:/a:redhat:openshift:2.0::el6 (string)

package : openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op (string)

product_name : Red Hat OpenShift Enterprise 2.2 (string)

release_date : 2015-09-30T00:00:00Z (string)

}

8 : { »

advisory : RHSA-2015:1844 (string)

cpe : cpe:/a:redhat:openshift:2.0::el6 (string)

package : openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op (string)

product_name : Red Hat OpenShift Enterprise 2.2 (string)

release_date : 2015-09-30T00:00:00Z (string)

}

9 : { »

advisory : RHSA-2015:1844 (string)

cpe : cpe:/a:redhat:openshift:2.0::el6 (string)

package : openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op (string)

product_name : Red Hat OpenShift Enterprise 2.2 (string)

release_date : 2015-09-30T00:00:00Z (string)

}

10 : { »

advisory : RHSA-2015:1844 (string)

cpe : cpe:/a:redhat:openshift:2.0::el6 (string)

package : openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op (string)

product_name : Red Hat OpenShift Enterprise 2.2 (string)

release_date : 2015-09-30T00:00:00Z (string)

}

11 : { »

advisory : RHSA-2015:1844 (string)

cpe : cpe:/a:redhat:openshift:2.0::el6 (string)

package : openshift-origin-cartridge-php-0:1.34.1.1-1.el6op (string)

product_name : Red Hat OpenShift Enterprise 2.2 (string)

release_date : 2015-09-30T00:00:00Z (string)

}

12 : { »

advisory : RHSA-2015:1844 (string)

cpe : cpe:/a:redhat:openshift:2.0::el6 (string)

package : openshift-origin-cartridge-python-0:1.33.3.1-1.el6op (string)

product_name : Red Hat OpenShift Enterprise 2.2 (string)

release_date : 2015-09-30T00:00:00Z (string)

}

13 : { »

advisory : RHSA-2015:1844 (string)

cpe : cpe:/a:redhat:openshift:2.0::el6 (string)

package : openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op (string)

product_name : Red Hat OpenShift Enterprise 2.2 (string)

release_date : 2015-09-30T00:00:00Z (string)

}

14 : { »

advisory : RHSA-2015:1844 (string)

cpe : cpe:/a:redhat:openshift:2.0::el6 (string)

package : openshift-origin-logshifter-0:1.10.1.2-1.el6op (string)

product_name : Red Hat OpenShift Enterprise 2.2 (string)

release_date : 2015-09-30T00:00:00Z (string)

}

15 : { »

advisory : RHSA-2015:1844 (string)

cpe : cpe:/a:redhat:openshift:2.0::el6 (string)

package : openshift-origin-node-util-0:1.37.2.1-1.el6op (string)

product_name : Red Hat OpenShift Enterprise 2.2 (string)

release_date : 2015-09-30T00:00:00Z (string)

}

16 : { »

advisory : RHSA-2015:1844 (string)

cpe : cpe:/a:redhat:openshift:2.0::el6 (string)

package : rhc-0:1.37.1.2-1.el6op (string)

product_name : Red Hat OpenShift Enterprise 2.2 (string)

release_date : 2015-09-30T00:00:00Z (string)

}

17 : { »

advisory : RHSA-2015:1844 (string)

cpe : cpe:/a:redhat:openshift:2.0::el6 (string)

package : rubygem-openshift-origin-console-0:1.35.2.1-1.el6op (string)

product_name : Red Hat OpenShift Enterprise 2.2 (string)

release_date : 2015-09-30T00:00:00Z (string)

}

18 : { »

advisory : RHSA-2015:1844 (string)

cpe : cpe:/a:redhat:openshift:2.0::el6 (string)

package : rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op (string)

product_name : Red Hat OpenShift Enterprise 2.2 (string)

release_date : 2015-09-30T00:00:00Z (string)

}

19 : { »

advisory : RHSA-2015:1844 (string)

cpe : cpe:/a:redhat:openshift:2.0::el6 (string)

package : rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op (string)

product_name : Red Hat OpenShift Enterprise 2.2 (string)

release_date : 2015-09-30T00:00:00Z (string)

}

20 : { »

advisory : RHSA-2015:1844 (string)

cpe : cpe:/a:redhat:openshift:2.0::el6 (string)

package : rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op (string)

product_name : Red Hat OpenShift Enterprise 2.2 (string)

release_date : 2015-09-30T00:00:00Z (string)

}

21 : { »

advisory : RHSA-2015:1844 (string)

cpe : cpe:/a:redhat:openshift:2.0::el6 (string)

package : rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op (string)

product_name : Red Hat OpenShift Enterprise 2.2 (string)

release_date : 2015-09-30T00:00:00Z (string)

}

22 : { »

advisory : RHSA-2015:1844 (string)

cpe : cpe:/a:redhat:openshift:2.0::el6 (string)

package : rubygem-openshift-origin-node-0:1.37.1.1-1.el6op (string)

product_name : Red Hat OpenShift Enterprise 2.2 (string)

release_date : 2015-09-30T00:00:00Z (string)

}

23 : { »

advisory : RHSA-2015:1844 (string)

cpe : cpe:/a:redhat:openshift:2.0::el6 (string)

package : rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op (string)

product_name : Red Hat OpenShift Enterprise 2.2 (string)

release_date : 2015-09-30T00:00:00Z (string)

}

]

bugzilla : { »

description : jenkins: External entity processing in XML can reveal sensitive local files (SECURITY-167) (string)

id : 1205632 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1205632 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 3.5 (string)

cvss_scoring_vector : AV:N/AC:M/Au:S/C:P/I:N/A:N (string)

status : verified (string)

}

cwe : CWE-611 (string)

details : [ »

0 : XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document. (string)

1 : It was found that Jenkins' XML handling allowed XML External Entity (XXE) expansion. A remote attacker with the ability to pass XML data to Jenkins could use this flaw to read arbitrary XML files on the Jenkins server. (string)

]

name : CVE-2015-1811 (string)

public_date : 2015-02-27T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2015-1811 https://nvd.nist.gov/vuln/detail/CVE-2015-1811 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27 (string)

]

threat_severity : Moderate (string)

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object