CVE-2021-21669XML External Entity (XXE) Injection in Project Jenkins Generic Webhook Trigger Plugin

CWE-611XML External Entity (XXE) Injection5 documents5 sources
Severity
9.8CRITICALNVD
EPSS
0.2%
top 56.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Generic Webhook Trigger PluginJenkins Generic Webhook Trigger
Timeline
PublishedJun 18
Latest updateMay 24

Description

Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

🔴Vulnerability Details

3
GHSA
XXE vulnerability in Jenkins Generic Webhook Trigger Plugin2022-05-24
OSV
XXE vulnerability in Jenkins Generic Webhook Trigger Plugin2022-05-24
CVEList
CVE-2021-21669: Jenkins Generic Webhook Trigger Plugin 12021-06-18

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2021-06-182021-06-18
CVE-2021-21669 — XML External Entity (XXE) Injection | cvebase