Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-s8m8-76fx-d3ec
Vulnerability ID VCID-s8m8-76fx-d3ec
Aliases CVE-2015-1809
GHSA-qj27-w92h-fc9r
Summary XML external entity (XXE) vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-611 Improper Restriction of XML External Entity Reference
System Score Found at
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2015-1809
cvssv3.1 7.5 https://bugzilla.redhat.com/show_bug.cgi?id=1205625
generic_textual HIGH https://bugzilla.redhat.com/show_bug.cgi?id=1205625
cvssv3.1 7.5 https://jenkins.io/security/advisory/2015-02-27
generic_textual HIGH https://jenkins.io/security/advisory/2015-02-27
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2015-1809
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2015-1809
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1809.json
https://api.first.org/data/v1/epss?cve=CVE-2015-1809
https://bugzilla.redhat.com/show_bug.cgi?id=1205625
https://jenkins.io/security/advisory/2015-02-27
https://nvd.nist.gov/vuln/detail/CVE-2015-1809
RHSA-2015:1844 https://access.redhat.com/errata/RHSA-2015:1844
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=1205625
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://jenkins.io/security/advisory/2015-02-27
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2015-1809
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.32341
EPSS Score 0.00132
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T09:42:55.661529+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qj27-w92h-fc9r/GHSA-qj27-w92h-fc9r.json 38.6.0