Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Jenkins Subscribe
Filtered by product Pom2config
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-43576 1 Jenkins 1 Pom2config 2021-11-16 4.3 MEDIUM 6.5 MEDIUM
Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.