CVE-2021-21659

HIGH

Jenkins URLTrigger Plugin < 0.48 - XML External Entity Injection

Title source: llm

Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Core 2

Core References

Vendor Advisory x_refsource_confirm

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

CVSS v3 8.1

EPSS 0.0029

EPSS Percentile 52.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Status published

Products (2)

jenkins/urltrigger < 0.48

org.jenkins-ci.plugins/urltrigger 0 - 0.49Maven

Published May 25, 2021

Tracked Since Feb 18, 2026