
CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Nov 2021 — Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. • http://www.openwall.com/lists/oss-security/2021/11/12/1 • CWE-611: Improper Restriction of XML External Entity Reference