High severity · NVD Advisory · Published May 11, 2021 · Updated Aug 3, 2024
CVE-2021-21656
Description
Jenkins Xcode integration Plugin 2.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.jenkins-ci.plugins:xcode-plugin (Maven) | < 2.0.15 | 2.0.15 |
Affected products
- Range: unspecified
References
- github.com/advisories/GHSA-wfxp-4qgw-qp3c (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-21656 (ghsa, ADVISORY)
- github.com/jenkinsci/xcode-plugin/commit/01335f1f4734e4a7eda69b28e182ecd4c34a1a4b (ghsa, WEB)
- www.jenkins.io/security/advisory/2021-05-11/ (ghsa, x_refsource_CONFIRM, WEB)
News mentions
- Jenkins Security Advisory 2021-05-11 · Jenkins Security Advisories · May 11, 2021