XML External Entity Vulnerability in Jenkins Nested View Plugin
CVE-2021-21680

7.1HIGH

Key Information:

Vendor
Jenkins
Vendor
CVE Published:
31 August 2021

Summary

The Jenkins Nested View Plugin versions 1.20 and earlier suffer from an XML external entity (XXE) vulnerability, which occurs due to improper configuration of its XML transformer. This flaw allows attackers to exploit this vulnerability by crafting malicious XML input, potentially leading to unauthorized information disclosure or server-side request forgery (SSRF) attacks. It is crucial for users to upgrade to a later, patched version to mitigate the risks associated with this vulnerability.

Affected Version(s)

Jenkins Nested View Plugin <= 1.20

Jenkins Nested View Plugin 1.19.1

References

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.