2725 matches found

CNVD
added 2021/11/17 12:0 a.m. | 18 views

Jenkins code issue vulnerability (CNVD-2021-93371)

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. A code issue vulnerability exists in Jenkins Plugin, which stems from OWASP Dependency-Check version 5.1.1 and earlier not...

CVSS 7.1 | AI score 2.8 | EPSS 0.00979
Exploits: 0 | References: 1

Zero Day Initiative
added 2021/11/16 12:0 a.m. | 15 views

Jenkins Performance XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Jenkins Performance. Authentication is required to exploit this vulnerability. The specific flaw exists within the TaurusParser class. Due to the improper restriction of XML External Entity X...

CVSS 6.5 | AI score 5.9 | EPSS 0.01671
Exploits: 0 | References: 1

Zero Day Initiative
added 2021/11/16 12:0 a.m. | 26 views

Jenkins pom2config XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Jenkins pom2config. Authentication is required to exploit this vulnerability. The specific flaw exists within the Pom2Config class. Due to the improper restriction of XML External Entity XXE...

CVSS 6.5 | AI score 5.9 | EPSS 0.02366
Exploits: 0 | References: 1

Tenable Nessus
added 2021/11/16 12:0 a.m. | 80 views

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.2 security update on RHEL 8 (Moderate) (RHSA-2021:4677)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4677 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

CVSS 7.8 | AI score 6.9 | EPSS 0.06873
Exploits: 0 | References: 35

OSV
added 2021/11/12 11:15 a.m. | 10 views

CVE-2021-43577

Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

CVSS 7.1 | AI score 6.7
Exploits: 0 | References: 2

NVD
added 2021/11/12 11:15 a.m. | 25 views

CVE-2021-43576

Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins...

CVSS 6.5 | EPSS 0.02366
Exploits: 0 | References: 3

NVD
added 2021/11/12 11:15 a.m. | 14 views

CVE-2021-21701

Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

CVSS 6.5 | EPSS 0.01671
Exploits: 0 | References: 3

Prion
added 2021/11/12 11:15 a.m. | 14 views

Server side request forgery (ssrf)

Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins...

CVSS 4.3 | AI score 6.4 | EPSS 0.02366
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2021/11/12 11:15 a.m. | 11 views

Xxe

Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

CVSS 4 | AI score 6.4 | EPSS 0.01671
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2021/11/12 11:15 a.m. | 11 views

Xxe

Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

CVSS 5.5 | AI score 6.8 | EPSS 0.00979
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2021/11/12 10:35 a.m. | 76 views

CVE-2021-43577

Summary: Jenkins OWASP Dependency-Check Plugin (version 5.1.1 and earlier) suffers an XXE flaw because its XML parser is not configured to block external entities. Impact (as described): a crafted XML file could cause Jenkins to parse external entities, enabling potential exposure of secrets and,...

CVSS 7.1 | AI score 6.8 | EPSS 0.00979
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2021/11/12 10:35 a.m. | 29 views

CVE-2021-43576

Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins...

AI score 6.6 | EPSS 0.02366
Exploits: 0 | References: 3

CVE
added 2021/11/12 10:35 a.m. | 62 views

CVE-2021-43576

Summary: CVE-2021-43576 affects the Jenkins pom2config Plugin (versions 1.2 and earlier). The root cause is that the plugin does not configure its XML parser to disable XML External Entity (XXE) processing, allowing crafted XML to be parsed in Jenkins with insufficient access controls. Under the...

CVSS 6.5 | AI score 6.3 | EPSS 0.02366
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2021/11/12 10:35 a.m. | 17 views

CVE-2021-21701

Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

AI score 6.6 | EPSS 0.01671
Exploits: 0 | References: 3

CVE
added 2021/11/12 10:35 a.m. | 80 views

CVE-2021-21701

Summary: CVE-2021-21701 affects Jenkins Performance Plugin 3.20 and earlier. The root cause is an XML parser not configured to prevent XML External Entity (XXE) attacks. What’s affected: the Performance Plugin in Jenkins; versions ≤ 3.20. Impact (as described in connected sources): an attacker wi...

CVSS 6.5 | AI score 6.3 | EPSS 0.01671
Exploits: 0 | References: 3 | Affected Software: 1

AlpineLinux
added 2021/11/12 10:35 a.m. | 21 views

CVE-2021-21701

Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

CVSS 6.5 | AI score 6.5 | EPSS 0.01671
Exploits: 0 | References: 3

CNNVD
added 2021/11/12 12:0 a.m. | 4 views

Jenkins code issue vulnerability

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. A code issue vulnerability exists in Jenkins Plugin, which stems from OWASP Dependency-Check version 5.1.1 and earlier not...

CVSS 7.1 | AI score 5.8 | EPSS 0.00979
Exploits: 0 | References: 6

Tenable Nessus
added 2021/11/08 12:0 a.m. | 41 views

Jenkins Enterprise and Operations Center < 2.249.31.0.4 / 2.277.4.3 Multiple Vulnerabilities (CloudBees Security Advisory 2021-05-11)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.249.x prior to 2.249.31.0.4, or 2.x prior to 2.277.4.3. It is, therefore, affected by multiple vulnerabilities, including the following: - A cross-site request forgery (CSRF) vulnerability in Jenkin...

CVSS 7.1 | AI score 5.8 | EPSS 0.72678
Exploits: 0 | References: 10

Fortinet
added 2021/11/02 12:0 a.m. | 30 views

FortiPortal - XML parser is vulnerable to XXE attacks

An improper restriction of XML external entity reference vulnerability (CWE-611) in the parser of XML responses of FortiPortal may allow an attacker who controls the producer of XML reports consumed by FortiPortal to trigger a denial of service or read arbitrary files from the underlying file...

CVSS 6.4 | AI score 7.7 | EPSS 0.008
Exploits: 0 | Affected Software: 1

OpenVAS
added 2021/10/06 12:0 a.m. | 25 views

Python < 2.7.14, 3.3.x < 3.3.7, 3.4.x < 3.4.7, 3.5.x < 3.5.4, 3.6.x < 3.6.2 Expat 2.2.1 (bpo-30694) - Windows

'Expat SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python"; ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.118248";...

CVSS 9.8 | AI score 8.4 | EPSS 0.13335
Exploits: 4 | References: 2