CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Jenkins Filesystem Trigger Plugin 0.40 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. • http://www.openwall.com/lists/oss-security/2021/05/25/3 • https://www.jenkins.io/security/advisory/2021-05-25/#SECURITY-2339

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. • http://www.openwall.com/lists/oss-security/2021/05/25/3 • https://www.jenkins.io/security/advisory/2021-05-25/#SECURITY-2340

CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

Jenkins Xcode integration Plugin 2.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. • https://www.jenkins.io/security/advisory/2021-05-11/#SECURITY-2335

CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and password. • https://www.jenkins.io/security/advisory/2021-05-11/#SECURITY-2327 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Jenkins P4 Plugin 1.11.4 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified Perforce server using attacker-specified username and password. • https://www.jenkins.io/security/advisory/2021-05-11/#SECURITY-2327