XML External Entity Vulnerability in Jenkins Nested View Plugin
CVE-2021-21680
7.1HIGH
Summary
The Jenkins Nested View Plugin versions 1.20 and earlier suffer from an XML external entity (XXE) vulnerability, which occurs due to improper configuration of its XML transformer. This flaw allows attackers to exploit this vulnerability by crafting malicious XML input, potentially leading to unauthorized information disclosure or server-side request forgery (SSRF) attacks. It is crucial for users to upgrade to a later, patched version to mitigate the risks associated with this vulnerability.
Affected Version(s)
Jenkins Nested View Plugin <= 1.20
Jenkins Nested View Plugin 1.19.1
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved