CVE-2021-21669
published 2021-06-18CVE-2021-21669: Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | generic_webhook_trigger | <= 1.72 | — |
| jenkins | generic_webhook_trigger_plugin | — | — |
| jenkins_project | jenkins_generic_webhook_trigger_plugin | unspecified – 1.72 | — |