{"url":"http://public2.vulnerablecode.io/api/packages/82129?format=json","purl":"pkg:maven/org.jenkins-ci.plugins/config-file-provider@3.7.1","type":"maven","namespace":"org.jenkins-ci.plugins","name":"config-file-provider","version":"3.7.1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"953.v0432a","latest_non_vulnerable_version":"953.v0432a","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55132?format=json","vulnerability_id":"VCID-869x-tjbg-dkbr","summary":"XML External Entity Reference vulnerability in Jenkins Config File Provider Plugin\nJenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.\n\nThis allows attackers with the ability to define Maven configuration files to have Jenkins parse a crafted configuration file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.\n\nJenkins Config File Provider Plugin 3.7.1 disables external entity resolution for its XML parser.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21642.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21642.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21642","reference_id":"","reference_type":"","scores":[{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53147","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53108","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53158","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53152","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53202","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53187","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53171","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.5321","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53218","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.532","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53174","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53186","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53097","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53116","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.5314","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21642"},{"reference_url":"https://github.com/jenkinsci/config-file-provider-plugin","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/config-file-provider-plugin"},{"reference_url":"https://github.com/jenkinsci/config-file-provider-plugin/commit/5f845bc015be769e595088bab11ec36c767671e1","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/config-file-provider-plugin/commit/5f845bc015be769e595088bab11ec36c767671e1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21642","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21642"},{"reference_url":"https://www.jenkins.io/security/advisory/2021-04-21/#SECURITY-2204","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2021-04-21/#SECURITY-2204"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/04/21/2","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/04/21/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1952146","reference_id":"1952146","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1952146"},{"reference_url":"https://github.com/advisories/GHSA-q7xg-hh3q-hc68","reference_id":"GHSA-q7xg-hh3q-hc68","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q7xg-hh3q-hc68"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2122","reference_id":"RHSA-2021:2122","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2122"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2431","reference_id":"RHSA-2021:2431","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2431"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2517","reference_id":"RHSA-2021:2517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2517"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82129?format=json","purl":"pkg:maven/org.jenkins-ci.plugins/config-file-provider@3.7.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/config-file-provider@3.7.1"}],"aliases":["CVE-2021-21642","GHSA-q7xg-hh3q-hc68"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-869x-tjbg-dkbr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54936?format=json","vulnerability_id":"VCID-sztq-6p4h-b7ex","summary":"CSRF vulnerability in Jenkins Config File Provider Plugin allows deleting configuration files\nJenkins Config File Provider Plugin 3.7.0 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.\n\nThis vulnerability allows attackers to delete configuration files corresponding to an attacker-specified ID.\n\nThis is due to an incomplete fix of [SECURITY-938](https://www.jenkins.io/security/advisory/2018-09-25/#SECURITY-938).\n\nJenkins Config File Provider Plugin 3.7.1 requires POST requests for the affected HTTP endpoint.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21644.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21644.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21644","reference_id":"","reference_type":"","scores":[{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31348","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31741","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31793","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31823","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31826","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31786","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.3175","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31782","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31761","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31731","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31561","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31433","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31748","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.3188","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31923","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21644"},{"reference_url":"https://github.com/jenkinsci/config-file-provider-plugin","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/config-file-provider-plugin"},{"reference_url":"https://github.com/jenkinsci/config-file-provider-plugin/commit/9ffc32379477c4395ab17ff19b04b9f1286ceedb","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/config-file-provider-plugin/commit/9ffc32379477c4395ab17ff19b04b9f1286ceedb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21644","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21644"},{"reference_url":"https://www.jenkins.io/security/advisory/2021-04-21/#SECURITY-2202","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2021-04-21/#SECURITY-2202"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/04/21/2","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/04/21/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1952151","reference_id":"1952151","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1952151"},{"reference_url":"https://github.com/advisories/GHSA-998m-f2x3-jjq4","reference_id":"GHSA-998m-f2x3-jjq4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-998m-f2x3-jjq4"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2122","reference_id":"RHSA-2021:2122","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2122"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2431","reference_id":"RHSA-2021:2431","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2431"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2517","reference_id":"RHSA-2021:2517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2517"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82129?format=json","purl":"pkg:maven/org.jenkins-ci.plugins/config-file-provider@3.7.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/config-file-provider@3.7.1"}],"aliases":["CVE-2021-21644","GHSA-998m-f2x3-jjq4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sztq-6p4h-b7ex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55391?format=json","vulnerability_id":"VCID-u2dp-1t5z-z7dm","summary":"Missing permission checks in Jenkins Config File Provider Plugin allow enumerating configuration file IDs\nJenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints.\n\nThis allows attackers with Overall/Read permission to enumerate configuration file IDs.\n\nAn enumeration of configuration file IDs in Jenkins Config File Provider Plugin 3.7.1 requires the appropriate permissions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21645.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21645.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21645","reference_id":"","reference_type":"","scores":[{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30227","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30625","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30683","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30715","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30719","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30673","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30629","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30654","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30636","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30603","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30423","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30309","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30624","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.3076","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30808","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21645"},{"reference_url":"https://github.com/jenkinsci/config-file-provider-plugin","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/config-file-provider-plugin"},{"reference_url":"https://github.com/jenkinsci/config-file-provider-plugin/commit/b7f3c5150ad557e86414122c69be20075aee27fa","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/config-file-provider-plugin/commit/b7f3c5150ad557e86414122c69be20075aee27fa"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21645","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21645"},{"reference_url":"https://www.jenkins.io/security/advisory/2021-04-21/#SECURITY-2203","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2021-04-21/#SECURITY-2203"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/04/21/2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/04/21/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1952152","reference_id":"1952152","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1952152"},{"reference_url":"https://github.com/advisories/GHSA-2959-fj73-hm8p","reference_id":"GHSA-2959-fj73-hm8p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2959-fj73-hm8p"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2122","reference_id":"RHSA-2021:2122","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2122"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2431","reference_id":"RHSA-2021:2431","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2431"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2517","reference_id":"RHSA-2021:2517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2517"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82129?format=json","purl":"pkg:maven/org.jenkins-ci.plugins/config-file-provider@3.7.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/config-file-provider@3.7.1"}],"aliases":["CVE-2021-21645","GHSA-2959-fj73-hm8p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u2dp-1t5z-z7dm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57943?format=json","vulnerability_id":"VCID-xmyr-jaue-7ker","summary":"Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs\nJenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints.\n\nThis allows attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability.\n\nAn enumeration of system-scoped credentials IDs in Jenkins Config File Provider Plugin 3.7.1 requires Overall/Administer permission.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21643.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21643.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21643","reference_id":"","reference_type":"","scores":[{"value":"0.00832","scoring_system":"epss","scoring_elements":"0.7466","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00832","scoring_system":"epss","scoring_elements":"0.74539","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00832","scoring_system":"epss","scoring_elements":"0.74571","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00832","scoring_system":"epss","scoring_elements":"0.74586","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00832","scoring_system":"epss","scoring_elements":"0.7461","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00832","scoring_system":"epss","scoring_elements":"0.7459","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00832","scoring_system":"epss","scoring_elements":"0.74581","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00832","scoring_system":"epss","scoring_elements":"0.74619","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00832","scoring_system":"epss","scoring_elements":"0.74626","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00832","scoring_system":"epss","scoring_elements":"0.74617","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00832","scoring_system":"epss","scoring_elements":"0.74652","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00832","scoring_system":"epss","scoring_elements":"0.74658","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00832","scoring_system":"epss","scoring_elements":"0.74533","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00832","scoring_system":"epss","scoring_elements":"0.74538","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00832","scoring_system":"epss","scoring_elements":"0.74564","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21643"},{"reference_url":"https://github.com/jenkinsci/config-file-provider-plugin","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/config-file-provider-plugin"},{"reference_url":"https://github.com/jenkinsci/config-file-provider-plugin/commit/d615e3278358b033f5e8d0d2e3f38f467b0e29f2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/config-file-provider-plugin/commit/d615e3278358b033f5e8d0d2e3f38f467b0e29f2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21643","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21643"},{"reference_url":"https://www.jenkins.io/security/advisory/2021-04-21/#SECURITY-2254","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2021-04-21/#SECURITY-2254"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/04/21/2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/04/21/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1952148","reference_id":"1952148","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1952148"},{"reference_url":"https://github.com/advisories/GHSA-3m3f-2323-64m7","reference_id":"GHSA-3m3f-2323-64m7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3m3f-2323-64m7"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2122","reference_id":"RHSA-2021:2122","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2122"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2431","reference_id":"RHSA-2021:2431","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2431"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2517","reference_id":"RHSA-2021:2517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2517"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82129?format=json","purl":"pkg:maven/org.jenkins-ci.plugins/config-file-provider@3.7.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/config-file-provider@3.7.1"}],"aliases":["CVE-2021-21643","GHSA-3m3f-2323-64m7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xmyr-jaue-7ker"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/config-file-provider@3.7.1"}