CVE-2023-4218 MEDIUM

CVE-2023-4218: XXE in eclipse.platform / Eclipse IDE

Vendor Eclipse Foundation
Product Eclipse IDE
Weakness CWE-611 · XXE
Published November 9, 2023
Last update September 3, 2024

CVSS base score

5.0/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

In Eclipse IDE versions < 2023-09 (4.29), some files with XML content are parsed in a way that is vulnerable to all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example, to review a foreign repository or patch).

Key dates

02 Disclosure timeline

November 9, 2023 CVE published
September 3, 2024 Record updated