CVE-2021-43576

Improper Restriction of XML External Entity Reference in maven/org.jenkins-ci.plugins/pom2config

Identifiers

CVE-2021-43576

Package Slug

maven/org.jenkins-ci.plugins/pom2config

Vulnerability

Improper Restriction of XML External Entity Reference

Description

Jenkins pom2config Plugin does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.

Affected Versions

All versions up to 1.2

Solution

Unfortunately, there is no solution available yet.

Last Modified

2021-11-18
