CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-10327

An XML external entities (XXE) vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and earlier allowed attackers able to control a temporary directory's content on the agent running the Maven build to have Jenkins parse a maliciously crafted XML file that uses external entities for extraction of secrets from the Jenkins master, server-side request forgery, or denial-of-service attacks.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 36.4%

CVSS Severity

CVSS v3 Score 8.1

CVSS v2 Score 5.5

References

Products affected by CVE-2019-10327

Jenkins » Pipeline Maven Integration » Version: 0.1

cpe:2.3:a:jenkins:pipeline_maven_integration:0.1
Jenkins » Pipeline Maven Integration » Version: 0.2

cpe:2.3:a:jenkins:pipeline_maven_integration:0.2
Jenkins » Pipeline Maven Integration » Version: 0.3

cpe:2.3:a:jenkins:pipeline_maven_integration:0.3
Jenkins » Pipeline Maven Integration » Version: 0.4

cpe:2.3:a:jenkins:pipeline_maven_integration:0.4
Jenkins » Pipeline Maven Integration » Version: 0.5

cpe:2.3:a:jenkins:pipeline_maven_integration:0.5
Jenkins » Pipeline Maven Integration » Version: 0.6

cpe:2.3:a:jenkins:pipeline_maven_integration:0.6
Jenkins » Pipeline Maven Integration » Version: 0.7

cpe:2.3:a:jenkins:pipeline_maven_integration:0.7
Jenkins » Pipeline Maven Integration » Version: 1.7.0

cpe:2.3:a:jenkins:pipeline_maven_integration:1.7.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-10327

Products

Pricing

Contact Us