CVE-2023-4218
Published: Nov 9, 2023
Modified: Sep 3, 2024
CVSS v3.1
5.0
Description
In Eclipse IDE versions < 2023-09 (4.29), some files with XML content are parsed in a way that is vulnerable to all sorts of XXE attacks. The user only needs to open an evil project or update an open project with a vulnerable file (for example, to review a foreign repository or patch).
| Vendor | Product | Versions |
|---|---|---|
| Eclipse Foundation | Eclipse IDE | affected 0 - < 4.29 |
| Eclipse Foundation | Eclipse IDE | affected 0 - < 2023-09 |
| Eclipse Foundation | org.eclipse.core.runtime | affected 0 - < 3.29.0 |
| Eclipse Foundation | org.eclipse.pde | affected 0 - <= 3.13.2400 |
Weaknesses (CWE)
CVSS v3.1 Details
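CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Attack Vector: Local (AV:L)
Attack Complexity: Low (AC:L)
Privileges Required: Low (PR:L)
User Interaction: Required (UI:R)
Scope: Unchanged (S:U)
Confidentiality: High (C:H)
Integrity: None (I:N)
Availability: None (A:N)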
References