CVE-2020-2170

2020-03-2517:15:15

Google

osv.dev

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.3%

JSON

Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability.

CPENameOperatorVersion
rapiddeploy-plugineqrapiddeploy-jenkins-3.4
rapiddeploy-plugineqrapiddeploy-jenkins-3.2
rapiddeploy-plugineqrapiddeploy-jenkins-4.1
rapiddeploy-plugineqrapiddeploy-jenkins-3.6
rapiddeploy-plugineqrapiddeploy-jenkins-3.10
rapiddeploy-plugineqrapiddeploy-jenkins-3.9
rapiddeploy-plugineqrapiddeploy-jenkins-3.8
rapiddeploy-plugineqrapiddeploy-jenkins-4.2
rapiddeploy-plugineqrapiddeploy-jenkins-3.7
rapiddeploy-plugineqrapiddeploy-jenkins-3.1

Name	Operator	Version
rapiddeploy-plugin	eq	rapiddeploy-jenkins-3.4
rapiddeploy-plugin	eq	rapiddeploy-jenkins-3.2
rapiddeploy-plugin	eq	rapiddeploy-jenkins-4.1
rapiddeploy-plugin	eq	rapiddeploy-jenkins-3.6
rapiddeploy-plugin	eq	rapiddeploy-jenkins-3.10
rapiddeploy-plugin	eq	rapiddeploy-jenkins-3.9
rapiddeploy-plugin	eq	rapiddeploy-jenkins-3.8
rapiddeploy-plugin	eq	rapiddeploy-jenkins-4.2
rapiddeploy-plugin	eq	rapiddeploy-jenkins-3.7
rapiddeploy-plugin	eq	rapiddeploy-jenkins-3.1