We found results for “”
CVE-2021-43577
Good to know:
Date: November 12, 2021
Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Severity Score
Severity Score
Weakness Type (CWE)
Improper Restriction of XML External Entity Reference ('XXE')
CWE-611Top Fix
Upgrade Version
Upgrade to version org.jenkins-ci.plugins:dependency-check-jenkins-plugin:5.1.2
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | LOW |
Availability (A): | NONE |
CVSS v2
Base Score: |
|
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | LOW |
Authentication (AU): | SINGLE |
Confidentiality (C): | PARTIAL |
Integrity (I): | PARTIAL |
Availability (A): | NONE |
Additional information: |