CVE-2015-8031 — Hudson XML API susceptible to External Entity Injection Vunerability prior to v3

Description

In versions prior to 3.3.2, Hudson exhibits a flaw in its XML API processing that can allow access to potentially sensitive information on the filesystem of the Hudson master server.

How to fix CVE-2015-8031

To remediate CVE-2015-8031, upgrade the affected package to a fixed version below.

Maven/org.jvnet.hudson.main:hudson-core—upgrade to 3.3.2 or later

Is CVE-2015-8031 being exploited?

Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 3.3.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (5)

ADVISORYgithub.com/advisories/GHSA-j3h2-8mf8-j5r2
ADVISORYnvd.nist.gov/vuln/detail/CVE-2015-8031
PATCHgithub.com/hudson/hudson-2.x
WEBsecurity.snyk.io/vuln/SNYK-JAVA-ORGJVNETHUDSONMAIN-31221
WEB