Vulnerability in Jenkins Project URLTrigger Plugin
CVE-2021-21659
Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
EPSS: 0.668 (99.2th percentile)
Affected products
- Jenkins Project URLTrigger Plugin — versions unspecified
References
- www.jenkins.io/security/advisory/2021-05-25/ (x_refsource_CONFIRM)
- [oss-security] 20210525 Multiple vulnerabilities in Jenkins plugins (mailing-list, x_refsource_MLIST)