HTTP: Jenkins Config File Provider Plugin External Entity Injection

This signature detects attempts to exploit a known vulnerability in the Jenkins Config File Provider Plugin. A successful attack can lead to disclosure of sensitive information.

Extended Description

Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Affected Products

Jenkins config_file_provider

Short Name
HTTP:CTS:JENKINS-CONFIG-XXE
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2021-21642 Config Entity External File Injection Jenkins Plugin Provider
Release Date
08/20/2021
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3412
False Positive
Unknown
Vendors

Jenkins

CVSS Score

5.5
