Jenkins DRY Plugin 2.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
원문출처 : https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000010
원문출처 : https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000010
댓글 0
| 번호 | 제목 | 글쓴이 | 날짜 | 조회 수 |
|---|---|---|---|---|
| 332 | CVE-2017-13146 (imagemagick) | 관리자 | 2017.08.27 | 16 |
| 331 | CVE-2017-13141 (imagemagick) | 관리자 | 2017.08.27 | 29 |
| 330 | CVE-2017-13145 (imagemagick) | 관리자 | 2017.08.27 | 26 |
| 329 | CVE-2017-13144 (imagemagick) | 관리자 | 2017.08.27 | 20 |
| 328 | CVE-2017-12858 (libzip) | 관리자 | 2017.08.27 | 18 |
| 327 | CVE-2017-12904 | 관리자 | 2017.08.27 | 15 |
| 326 | CVE-2017-13138 (bridge) | 관리자 | 2017.08.27 | 33 |
| 325 | CVE-2017-12791 | 관리자 | 2017.08.27 | 19 |
| 324 | CVE-2017-11610 | 관리자 | 2017.08.27 | 40 |
| 323 | CVE-2017-13137 (formcraft) | 관리자 | 2017.08.27 | 20 |
| 322 | CVE-2017-12844 | 관리자 | 2017.08.27 | 14 |
| 321 | CVE-2015-5224 | 관리자 | 2017.08.27 | 7 |
| 320 | CVE-2017-11159 | 관리자 | 2017.08.27 | 24 |
| 319 | CVE-2017-12965 (apache2triad) | 관리자 | 2017.08.27 | 18 |
| 318 | CVE-2017-12809 (qemu) | 관리자 | 2017.08.27 | 17 |