cPanel Hudson up to 3.3.1 XML external entity reference

A vulnerability classified as problematic was found in cPanel Hudson up to 3.3.1 (Hosting Control Software). It affects an unknown code block and is an XML external entity (XXE) reference (CWE-611), tracked as CVE-2015-8031. Upgrading to version 3.3.2 eliminates this vulnerability.

| Field | 07/19/2022 11:36 AM | 08/06/2022 02:24 PM |
|---|---|---|
| cvss3_vuldb_e | X | X |
| cvss2_vuldb_basescore | 4.9 | 4.9 |
| cvss2_vuldb_tempscore | 4.3 | 4.3 |
| cvss3_vuldb_basescore | 5.5 | 5.5 |
| cvss3_vuldb_tempscore | 5.3 | 5.3 |
| cvss3_meta_basescore | 5.5 | 7.6 |
| cvss3_meta_tempscore | 5.3 | 7.5 |
| price_0day | $0-$5k | $0-$5k |
| vendor | cPanel | cPanel |
| name | Hudson | Hudson |
| version | <=3.3.1 | <=3.3.1 |
| cwe | 611 (xml external entity reference) | 611 (xml external entity reference) |
| risk | 1 | 1 |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | C | C |
| identifier | GHSA-j3h2-8mf8-j5r2 | GHSA-j3h2-8mf8-j5r2 |
| url | https://github.com/advisories/GHSA-j3h2-8mf8-j5r2 | https://github.com/advisories/GHSA-j3h2-8mf8-j5r2 |
| name | Upgrade | Upgrade |
| upgrade_version | 3.3.2 | 3.3.2 |
| cve | CVE-2015-8031 | CVE-2015-8031 |
| cve_assigned | 1446159600 (10/30/2015) | 1446159600 (10/30/2015) |
| cve_nvd_summary | Hudson (aka org.jvnet.hudson.main:hudson-core) before 3.3.2 allows XXE attacks. | Hudson (aka org.jvnet.hudson.main:hudson-core) before 3.3.2 allows XXE attacks. |
| date | 1658181600 (07/19/2022) | 1658181600 (07/19/2022) |
| type | Hosting Control Software | Hosting Control Software |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss2_vuldb_rc | C | C |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_av | A | A |
| cvss2_vuldb_ac | M | M |
| cvss2_vuldb_au | S | S |
| cvss2_vuldb_e | ND | ND |
| cvss3_vuldb_av | A | A |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | L | L |
| cvss3_vuldb_ui | N | N |
| cvss3_nvd_av | | N |
| cvss3_nvd_ac | | L |
| cvss3_nvd_pr | | N |
| cvss3_nvd_ui | | N |
| cvss3_nvd_s | | U |
| cvss3_nvd_c | | H |
| cvss3_nvd_i | | H |
| cvss3_nvd_a | | H |
| cvss3_nvd_basescore | | 9.8 |
