Jenkins.URLTrigger.Plugin.XXE
Description
This indicates an attempt to exploit an XML External Entity (XXE) injection vulnerability in the Jenkins URLTrigger Plugin.
The vulnerability is due to insufficient validation of XML data by the URLTrigger Plugin. A remote authenticated attacker could exploit it by sending a crafted request. Successful exploitation could lead to the disclosure of the contents of any file readable by Jenkins.
Affected Products
Jenkins URLTrigger Plugin prior to 0.49
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.jenkins.io/security/advisory/2021-05-25/
Coverage
IPS (Regular DB)
IPS (Extended DB)