What is the severity of CVE-2023-37942?

CVE-2023-37942 is classified as a high severity vulnerability due to its potential for XML external entity (XXE) attacks.

How do I fix CVE-2023-37942?

To fix CVE-2023-37942, update the Jenkins External Monitor Job Type Plugin to version 207.v98a or later.

What versions of the Jenkins External Monitor Job Type Plugin are affected by CVE-2023-37942?

Versions 206.v9a_94ff0b_4a_10 and earlier of the Jenkins External Monitor Job Type Plugin are affected by CVE-2023-37942.

Is CVE-2023-37942 related to information disclosure risks?

Yes, CVE-2023-37942 poses information disclosure risks due to the potential exploitation of XML external entity processing.

Can CVE-2023-37942 be exploited remotely?

Yes, CVE-2023-37942 can be exploited remotely if an attacker can control the XML input.

Vulnerability/
CVE-2023-37942

medium

6.5

CWE

611

12/7/2023

7/11/2024

CVE-2023-37942: XEE

First published: Wed Jul 12 2023(Updated: )

Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com

Affected Software	Affected Version	How to fix
Jenkins External Monitor Job Type	<=206.v9a_94ff0b_4a_10
maven/org.jenkins-ci.plugins:external-monitor-job	<207.v98a	207.v98a

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-37942?
CVE-2023-37942 is classified as a high severity vulnerability due to its potential for XML external entity (XXE) attacks.
How do I fix CVE-2023-37942?
To fix CVE-2023-37942, update the Jenkins External Monitor Job Type Plugin to version 207.v98a or later.
What versions of the Jenkins External Monitor Job Type Plugin are affected by CVE-2023-37942?
Versions 206.v9a_94ff0b_4a_10 and earlier of the Jenkins External Monitor Job Type Plugin are affected by CVE-2023-37942.
Is CVE-2023-37942 related to information disclosure risks?
Yes, CVE-2023-37942 poses information disclosure risks due to the potential exploitation of XML external entity processing.
Can CVE-2023-37942 be exploited remotely?
Yes, CVE-2023-37942 can be exploited remotely if an attacker can control the XML input.

collector/github-advisory-latest
alias/GHSA-g4c3-4f3v-84x8
alias/CVE-2023-37942
collector/github-advisory
collector/nvd-index
collector/nvd-cve
agent/softwarecombine
agent/first-publish-date
agent/references
agent/type
agent/author
agent/weakness
agent/severity
agent/event
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/trending
agent/source
agent/tags
collector/nvd-api
agent/software-canonical-lookup-request
collector/nvd-latest
package-manager/maven
vendor/jenkins
canonical/jenkins external monitor job type
version/jenkins external monitor job type/206.v9a_94ff0b_4a_10

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.