XML external entity (XXE) attacks in Jenkins Xcode integration Plugin

🗓️ 18 Mar 2022 17:43:52Reported by GitHub Advisory DatabaseType

Jenkins Xcode Plugin vulnerable to XML external entity attack

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 8
CNVD	CloudBees Jenkins Xcode Integration Plugin XML External Entity Injection Vulnerability	12 May 202100:00	–	cnvd
CVE	CVE-2021-21656	11 May 202115:15	–	cve
Prion	Xxe	11 May 202115:15	–	prion
Cvelist	CVE-2021-21656	11 May 202114:15	–	cvelist
NVD	CVE-2021-21656	11 May 202115:15	–	nvd
OSV	CVE-2021-21656	11 May 202115:15	–	osv
OSV	GHSA-WFXP-4QGW-QP3C XML external entity (XXE) attacks in Jenkins Xcode integration Plugin	18 Mar 202217:52	–	osv
Tenable Nessus	Jenkins Enterprise and Operations Center < 2.249.31.0.4 / 2.277.4.3 Multiple Vulnerabilities (CloudBees Security Advisory 2021-05-11)	8 Nov 202100:00	–	nessus

Vulners

Node

org.jenkins-ci.plugins xcode-pluginRange<2.0.15

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-21656
jenkins	www.jenkins.io/security/advisory/2021-05-11/
github	www.github.com/jenkinsci/xcode-plugin/commit/01335f1f4734e4a7eda69b28e182ecd4c34a1a4b
github	www.github.com/advisories/GHSA-wfxp-4qgw-qp3c

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

18 Mar 2022 17:52Current

4.6Medium risk

Vulners AI Score4.6

CVSS25.5

CVSS37.1

EPSS0.00262

CWE-611