CVE-2015-8031: XEE
First published: Fri Jul 15 2022(Updated: )
In versions prior to 3.3.2, Hudson exhibits a flaw in its XML API processing that can allow access to potentially sensitive information on the filesystem of the Hudson master server.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/org.jvnet.hudson.main:hudson-core | <3.3.2 | 3.3.2 |
| Eclipse Hudson | <3.2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2015-8031?
CVE-2015-8031 is a vulnerability in Hudson (aka org.jvnet.hudson.main:hudson-core) before version 3.3.2 that allows XXE attacks.
What is the severity of CVE-2015-8031?
CVE-2015-8031 has a severity level of critical, with a score of 9.8.
How does CVE-2015-8031 affect Hudson?
CVE-2015-8031 allows access to potentially sensitive information on the filesystem of the Hudson master server due to a flaw in its XML API processing.
How can I fix CVE-2015-8031?
To fix CVE-2015-8031, you need to update your Hudson installation to version 3.3.2 or higher.
Where can I find more information about CVE-2015-8031?
You can find more information about CVE-2015-8031 at the following references: [GitHub Advisory](https://github.com/advisories/GHSA-j3h2-8mf8-j5r2), [Snyk Vulnerability Database](https://security.snyk.io/vuln/SNYK-JAVA-ORGJVNETHUDSONMAIN-31221), [Eclipse Hudson Wiki](https://wiki.eclipse.org/Hudson-ci/alerts/CVE-2015-8031).
- collector/github-advisory
- alias/GHSA-j3h2-8mf8-j5r2
- alias/CVE-2015-8031
- collector/nvd-index
- collector/nvd-cve
- agent/weakness
- agent/type
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- package-manager/maven
- vendor/eclipse
- canonical/eclipse hudson