{"id":"CVE-2019-10466","details":"An XML external entities (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks.","aliases":["GHSA-346g-jrx9-jgf4"],"modified":"2026-04-02T01:29:16.589544Z","published":"2019-10-23T13:15:10.830Z","references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2019/10/23/2"},{"type":"ADVISORY","url":"https://jenkins.io/security/advisory/2019-10-23/#SECURITY-822"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/fireline-plugin","events":[{"introduced":"0"},{"last_affected":"7bf5861fb4f1b084696deb93e05de9f57e5e5272"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.7.2"}]}}],"versions":["Fireline_Plugin-1.4.20","fireline-1.0","fireline-1.3","fireline-1.4","fireline-1.4.1","fireline-1.4.21","fireline-1.4.22","fireline-1.4.3","fireline-1.4.4","fireline-1.4.4.2","fireline-1.4.40","fireline-1.4.41","fireline-1.4.42","fireline-1.4.43","fireline-1.4.60","fireline-1.4.61","fireline-1.4.80","fireline-1.4.81","fireline-1.4.82","fireline-1.4.83","fireline-1.4.84","fireline-1.4.90","fireline-1.4.91","fireline-1.5.0","fireline-1.5.1","fireline-1.5.10","fireline-1.5.11","fireline-1.5.12","fireline-1.5.13","fireline-1.5.14","fireline-1.5.15","fireline-1.5.16","fireline-1.5.17","fireline-1.5.18","fireline-1.5.2","fireline-1.5.3","fireline-1.5.4","fireline-1.5.5","fireline-1.5.6","fireline-1.5.7","fireline-1.5.8","fireline-1.5.9","fireline-1.6.18","fireline-1.6.2","fireline-1.7.0","fireline-1.7.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10466.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"}]}