4 matches found
CVE-2021-21669
Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
Jenkins Generic Webhook Trigger Plugin External Entity Injection (CVE-2021-21669)
An XXE vulnerability exists in Jenkins Generic Webhook Trigger Plugin. The vulnerability is due to insufficient validation of input parameters. Successful exploitation could lead to the disclosure of file contents for any file readable by Jenkins...
CVE-2021-21669
Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2021-21669
CVE-2021-21669 affects the Jenkins Generic Webhook Trigger Plugin (versions 1.72 and earlier). The root cause is an XML parser that does not disable external entity resolution, enabling XML External Entity (XXE) attacks. Exploitation could allow a crafted webhook payload to cause leakage of file ...