Basic Information

CVSS Score: -
CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
The XXE vulnerability (CWE-611) indicates insecure XML parsing. Jenkins' advisory references SECURITY-167, which involves external entity processing. In Java, this typically occurs when a DocumentBuilderFactory or SAXParserFactory is not properly secured. The function responsible for initializing the XML parser (such as XStream2.createDefaultDocumentBuilderFactory) would be vulnerable if it did not disable DTDs and external entity resolution. While the exact patch is not shown, this pattern matches standard XXE fixes and Jenkins' Java-based XML processing architecture.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.main:jenkins-core | maven | >= 1.597, < 1.600 | 1.600 |
| org.jenkins-ci.main:jenkins-core | maven | < 1.596.1 | 1.596.1 |