CVE-2021-21657

HIGH

Jenkins Filesystem Trigger Plugin < 0.40 - XML External Entity Injection

Title source: llm
STIX 2.1

Description

Jenkins Filesystem Trigger Plugin 0.40 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

References (2)

Core 2
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/05/25/3

Scores

CVSS v3 8.8
EPSS 0.0016
EPSS Percentile 36.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (2)
jenkins/filesystem_trigger < 0.40
org.jenkins-ci.plugins/fstrigger 0 - 0.41Maven
Published May 25, 2021
Tracked Since Feb 18, 2026