Количество 2
Количество 2
CVE-2021-43576
Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
GHSA-ppv9-v43c-xqpp
XXE vulnerability in Jenkins pom2config Plugin
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-43576 Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. | CVSS3: 6.5 | 0% Низкий | около 4 лет назад |
| GHSA-ppv9-v43c-xqpp XXE vulnerability in Jenkins pom2config Plugin | CVSS3: 6.5 | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу