What is CVE-2021-21669?

Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers with the ability to call webhooks configured to extract parameters using XPath to have Jenkins parse a crafted XML request body that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. Jenkins Generic Webhook Trigger Plugin 1.74 disables external entity resolution for its XML parser.

What is the severity of CVE-2021-21669?

CVE-2021-21669 has a CVSS v3 score of 9.8, which is classified as Critical severity.

Is there an exploit available for CVE-2021-21669?

No known public exploits are currently available for CVE-2021-21669.

Is there a patch available for CVE-2021-21669?

Yes, patches are available for CVE-2021-21669. Check the vendor advisories for update instructions.

CVE-2021-21669 - CVE Details, Severity, and Analysis

Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives

PoC for every finding

30+ tools orchestrated

Book a Demo Learn More

Setup in 5 minutesSOC 2 & ISO 27001

CVE-2021-21669 - CVE Details, Severity, and Analysis | Strobes VI

Trend Analysis

Neutral

Vulnerable Products

Vendor	Product
Jenkins	Generic Webhook Trigger

Advisories

GitHub Advisory

NVD: Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.