3 matches found
org.jenkins-ci.plugins:xtrigger (>=0.1 <=0.54) potentially affected by CVE-2021-21657 via org.jenkins-ci.plugins:fstrigger (>=0.10.1 <=0.34)
org.jenkins-ci.plugins:fstrigger MAVEN version =0.10.1, =0.1, =0.54 Source cves: CVE-2021-21657 Source advisory: OSV:GHSA-CPHV-7CXW-5HCC...
CVE-2021-21657
Jenkins Filesystem Trigger Plugin 0.40 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2021-21657
CVE-2021-21657 affects Jenkins Filesystem Trigger Plugin up to version 0.40. The root cause is that the plugin’s XML parser does not disable external entity resolution, enabling XXE attacks. Impact statements from multiple sources describe potential extraction of secrets from the Jenkins controll...