VDB

CVE-2021-21642

CVE-2021-21642 PUBLISHED CVSS 5.5 MEDIUM

Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

EPSS 0.30% · 53.5th percentile

Risk Scores

CVSS 2.0
5.5
EPSS Score
0.30%
53.5th percentile

Affected Products

VendorProductVersions
jenkinsconfig_file_provider0
Mavenorg.jenkins-ci.plugins:config-file-provider0
Jenkins projectJenkins Config File Provider Plugin*

Timeline

  • Apr 21, 2021 CVE Published
  • Apr 27, 2021 EPSS Score
  • Jun 30, 2021 EPSS Score
  • Nov 2, 2021 EPSS Score
  • Jan 3, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Mar 6, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Jul 9, 2022 EPSS Score
  • Sep 10, 2022 EPSS Score
  • Jan 13, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›