2729 matches found

Zero Day Initiative
added 2021/12/02 12:0 a.m., 16 views

Jenkins Report Info XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Jenkins Report Info. Authentication is required to exploit this vulnerability. The specific flaw exists within the PMD class. Due to the improper restriction of XML External Entity XXE...

CVSS 6.5 | AI score 2.6
Exploits: 0

IBM Security Bulletins
added 2021/11/17 4:26 p.m., 43 views

Security Bulletin: Vulnerability in Xerces-C (CVE-2018-1311)

Summary Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. XML parser contains a...

CVSS 8.1 | AI score 1.8 | EPSS 0.09503
Exploits: 0

CNVD
added 2021/11/17 12:0 a.m., 18 views

Jenkins code issue vulnerability (CNVD-2021-93371)

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. A code issue vulnerability exists in Jenkins Plugin, which stems from OWASP Dependency-Check version 5.1.1 and earlier not...

CVSS 7.1 | AI score 2.8 | EPSS 0.00979
Exploits: 0 | References: 1

CNVD
added 2021/11/17 12:0 a.m., 20 views

Jenkins code issue vulnerability (CNVD-2021-93372)

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. A code issue vulnerability exists in Jenkins Plugin, which stems from the pom2config plugin version 1.2 and earlier not...

CVSS 6.5 | AI score 3 | EPSS 0.02366
Exploits: 0 | References: 1

CNVD
added 2021/11/17 12:0 a.m., 20 views

Jenkins code issue vulnerability (CNVD-2021-93373)

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. A code issue vulnerability exists in Jenkins Plugin that stems from the Performance plugin version 3.20 and earlier not...

CVSS 6.5 | AI score 2.5 | EPSS 0.01671
Exploits: 0 | References: 1

Zero Day Initiative
added 2021/11/16 12:0 a.m., 16 views

Jenkins Performance XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Jenkins Performance. Authentication is required to exploit this vulnerability. The specific flaw exists within the TaurusParser class. Due to the improper restriction of XML External Entity X...

CVSS 6.5 | AI score 5.9 | EPSS 0.01671
Exploits: 0 | References: 1

Zero Day Initiative
added 2021/11/16 12:0 a.m., 26 views

Jenkins pom2config XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Jenkins pom2config. Authentication is required to exploit this vulnerability. The specific flaw exists within the Pom2Config class. Due to the improper restriction of XML External Entity XXE...

CVSS 6.5 | AI score 5.9 | EPSS 0.02366
Exploits: 0 | References: 1

Tenable Nessus
added 2021/11/16 12:0 a.m., 80 views

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.2 security update on RHEL 8 (Moderate) (RHSA-2021:4677)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4677 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

CVSS 7.8 | AI score 6.9 | EPSS 0.06873
Exploits: 0 | References: 35

NVD
added 2021/11/12 11:15 a.m., 25 views

CVE-2021-43576

Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins...

CVSS 6.5 | EPSS 0.02366
Exploits: 0 | References: 3

NVD
added 2021/11/12 11:15 a.m., 14 views

CVE-2021-21701

Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

CVSS 6.5 | EPSS 0.01671
Exploits: 0 | References: 3

OSV
added 2021/11/12 11:15 a.m., 10 views

CVE-2021-43577

Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

CVSS 7.1 | AI score 6.7
Exploits: 0 | References: 2

Prion
added 2021/11/12 11:15 a.m., 11 views

Xxe

Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

CVSS 4 | AI score 6.4 | EPSS 0.01671
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2021/11/12 11:15 a.m., 14 views

Server side request forgery (ssrf)

Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins...

CVSS 4.3 | AI score 6.4 | EPSS 0.02366
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2021/11/12 11:15 a.m., 11 views

Xxe

Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

CVSS 5.5 | AI score 6.8 | EPSS 0.00979
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2021/11/12 10:35 a.m., 77 views

CVE-2021-43577

Summary: Jenkins OWASP Dependency-Check Plugin (version 5.1.1 and earlier) suffers an XXE flaw because its XML parser is not configured to block external entities. Impact (as described): a crafted XML file could cause Jenkins to parse external entities, enabling potential exposure of secrets and,...

CVSS 7.1 | AI score 6.8 | EPSS 0.00979
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2021/11/12 10:35 a.m., 29 views

CVE-2021-43576

Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins...

AI score 6.6 | EPSS 0.02366
Exploits: 0 | References: 3

CVE
added 2021/11/12 10:35 a.m., 63 views

CVE-2021-43576

Summary: CVE-2021-43576 affects the Jenkins pom2config Plugin (versions 1.2 and earlier). The root cause is that the plugin does not configure its XML parser to disable XML External Entity (XXE) processing, allowing crafted XML to be parsed in Jenkins with insufficient access controls. Under the...

CVSS 6.5 | AI score 6.3 | EPSS 0.02366
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2021/11/12 10:35 a.m., 81 views

CVE-2021-21701

Summary: CVE-2021-21701 affects Jenkins Performance Plugin 3.20 and earlier. The root cause is an XML parser not configured to prevent XML External Entity (XXE) attacks. What’s affected: the Performance Plugin in Jenkins; versions ≤ 3.20. Impact (as described in connected sources): an attacker wi...

CVSS 6.5 | AI score 6.3 | EPSS 0.01671
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2021/11/12 10:35 a.m., 18 views

CVE-2021-21701

Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

AI score 6.6 | EPSS 0.01671
Exploits: 0 | References: 3

AlpineLinux
added 2021/11/12 10:35 a.m., 21 views

CVE-2021-21701

Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

CVSS 6.5 | AI score 6.5 | EPSS 0.01671
Exploits: 0 | References: 3