| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jvnet.hudson.main:hudson-core | maven | < 3.3.2 | 3.3.2 |

The vulnerability (CWE-611) stems from insecure XML parsing in Hudson's API endpoints. XXE vulnerabilities typically occur when an XML parser is configured to resolve external entities. The affected functions likely deserialize XML without disabling DTDs or external entities; common Java XML parsing patterns (e.g., using `DocumentBuilderFactory` without `FEATURE_SECURE_PROCESSING`) would make them vulnerable. The Hudson XML API endpoints, such as those handling job configurations or system data retrieval, are prime candidates. The high confidence stems from the explicit mention of the XML API in the CVE description and the nature of XXE flaws in Java XML processing.