Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-qc55-9uv5-nqbw
Vulnerability ID VCID-qc55-9uv5-nqbw
Aliases CVE-2015-1811
GHSA-qg7x-4h4q-3m49
Summary XML external entity (XXE) vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-611 Improper Restriction of XML External Entity Reference
System Score Found at
epss 0.00125 https://api.first.org/data/v1/epss?cve=CVE-2015-1811
cvssv3.1 7.5 https://bugzilla.redhat.com/show_bug.cgi?id=1205632
generic_textual HIGH https://bugzilla.redhat.com/show_bug.cgi?id=1205632
cvssv3.1 7.5 https://jenkins.io/security/advisory/2015-02-27
generic_textual HIGH https://jenkins.io/security/advisory/2015-02-27
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2015-1811
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2015-1811
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1811.json
https://api.first.org/data/v1/epss?cve=CVE-2015-1811
https://bugzilla.redhat.com/show_bug.cgi?id=1205632
https://jenkins.io/security/advisory/2015-02-27
https://nvd.nist.gov/vuln/detail/CVE-2015-1811
RHSA-2015:1844 https://access.redhat.com/errata/RHSA-2015:1844
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=1205632
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://jenkins.io/security/advisory/2015-02-27
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2015-1811
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.3137
EPSS Score 0.00125
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T09:36:52.997143+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qg7x-4h4q-3m49/GHSA-qg7x-4h4q-3m49.json 38.6.0