CVE-2021-21642

CWE-611XML External Entity (XXE)6 documents6 sources
Severity
8.1HIGH
EPSS
0.3%
top 46.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Config File Provider PluginJenkins Config File Provider
Timeline
PublishedApr 21
Latest updateMay 24

Description

Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages3 packages

🔴Vulnerability Details

3
GHSA
XML External Entity Reference vulnerability in Jenkins Config File Provider Plugin2022-05-24
OSV
XML External Entity Reference vulnerability in Jenkins Config File Provider Plugin2022-05-24
CVEList
CVE-2021-21642: Jenkins Config File Provider Plugin 32021-04-21

📋Vendor Advisories

2
Jenkins
Jenkins Security Advisory 2021-04-212021-04-21
Red Hat
jenkins-2-plugins/config-file-provider: Does not configure its XML parser to prevent XML external entity (XXE) attacks.2021-04-21