CVE-2021-21656

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-21656

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21656.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-21656

Aliases

GHSA-wfxp-4qgw-qp3c

Published

2021-05-11T15:15:08Z

Modified

2025-01-14T08:52:25.404972Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVSS Calculator

Summary

[none]

Details

Jenkins Xcode integration Plugin 2.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

References

https://www.jenkins.io/security/advisory/2021-05-11/#SECURITY-2335

Affected packages

Git / github.com/jenkinsci/xcode-plugin

Affected ranges

Type: GIT
Repo: https://github.com/jenkinsci/xcode-plugin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

37f1b15435da4c2b9274c68b9a394965968014d2

Affected versions

1.*

1.0

1.0.1

1.1

xcode-plugin-1.*

xcode-plugin-1.2

xcode-plugin-1.2.1

xcode-plugin-1.2.2

xcode-plugin-1.3

xcode-plugin-1.3.1

xcode-plugin-1.3.2

xcode-plugin-1.3.3

xcode-plugin-1.4

xcode-plugin-1.4.1

xcode-plugin-1.4.10

xcode-plugin-1.4.11

xcode-plugin-1.4.2

xcode-plugin-1.4.3

xcode-plugin-1.4.4

xcode-plugin-1.4.5

xcode-plugin-1.4.6

xcode-plugin-1.4.7

xcode-plugin-1.4.8

xcode-plugin-1.4.9

xcode-plugin-2.*

xcode-plugin-2.0.0

xcode-plugin-2.0.1

xcode-plugin-2.0.10

xcode-plugin-2.0.11

xcode-plugin-2.0.12

xcode-plugin-2.0.13

xcode-plugin-2.0.14

xcode-plugin-2.0.2

xcode-plugin-2.0.3

xcode-plugin-2.0.4

xcode-plugin-2.0.5

xcode-plugin-2.0.6

xcode-plugin-2.0.7

xcode-plugin-2.0.7-alpha

xcode-plugin-2.0.8

xcode-plugin-2.0.9