HTTP: Jenkins Filesystem Trigger Plugin External Entity Injection

This signature detects attempts to exploit a known vulnerability against Jenkins. A successful attack can lead to sensitive information disclosure.

Extended Description

Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Affected Products

Jenkins urltrigger

Short Name
HTTP:JENKINS-FILESYSTEM-XXE
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2021-21659 CVE-2021-21672 Entity External Filesystem Injection Jenkins Plugin Trigger
Release Date
07/08/2021
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3607
False Positive
Rarely
Vendors

Jenkins

CVSS Score

5.5

4.0
