7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2015-1811

GHSA ID

GHSA-qg7x-4h4q-3m49

EPSS Score

0.32749%

CWE

Published

5/24/2022

Updated

1/30/2024

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2015-1811

CVE-2015-1811: XML external entity (XXE) vulnerability in Jenkins

XML external entity (XXE) vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document.

(GitHub Advisory)

7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2015-1811

GHSA ID

GHSA-qg7x-4h4q-3m49

EPSS Score

0.32749%

CWE

Published

5/24/2022

Updated

1/30/2024

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jenkins-ci.main:jenkins-core	maven	>= 1.597, < 1.600	1.600
org.jenkins-ci.main:jenkins-core	maven	< 1.596.1	1.596.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The XXE vulnerability (CWE-611) indicates insecure XML parsing. Jenkins' advisory references SECURITY-167 involving external entity processing. In Java, this typically occurs when DocumentBuilderFactory/SAXParserFactory isn't properly secured. The function responsible for initializing the XML parser (like XStream2.createDefaultDocumentBuilderFactory) would be vulnerable if it didn't disable DTDs/external entities. While the exact patch isn't shown, this pattern matches standard XXE fixes and Jenkins' Java-based XML processing architecture.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

XML *xt*rn*l *ntity (XX*) vuln*r**ility in J*nkins ***or* *.*** *n* LTS ***or* *.***.* *llows r*mot* *tt**k*rs to r*** *r*itr*ry XML *il*s vi* * *r**t** XML *o*um*nt.

Reasoning

T** XX* vuln*r**ility (*W*-***) in*i**t*s ins**ur* XML p*rsin*. J*nkins' **visory r***r*n**s S**URITY-*** involvin* *xt*rn*l *ntity pro**ssin*. In J*v*, t*is typi**lly o**urs w**n `*o*um*nt*uil**r***tory`/`S*XP*rs*r***tory` isn't prop*rly s**ur**. T*

7.5

Basic Information

Concerned about an active attack path?

CVE-2015-1811: XML external entity (XXE) vulnerability in Jenkins

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI