CVE-2021-21642

Published: Apr 21, 2021
Updated: Oct 26, 2023
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-21642" target="_blank" rel="noopener"> CVE-2021-21642
GHSA: <a href="https://github.com/advisories/GHSA-q7xg-hh3q-hc68" target="_blank" rel="noopener"> GHSA-q7xg-hh3q-hc68
Severity: High
Exploit:

Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVSS v3:

CVSS v2:

CWEs:

OWASP TOP 10:

Software	From	Fixed in
jenkins / config_file_provider	-	3.7.0.x
org.jenkins-ci.plugins / config-file-provider	-	3.7.1