39 matches found
EUVD-2022-3686
Malicious code in bioql PyPI...
EUVD-2022-4489
Malicious code in bioql PyPI...
EUVD-2022-3921
Malicious code in bioql PyPI...
EUVD-2022-3262
Malicious code in bioql PyPI...
CVE-2020-2171
Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2020-2170
Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability...
CVE-2019-16570
A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server...
CVE-2019-16571
A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server...
GHSA-G7W4-R4MG-GVHX XXE vulnerability in Jenkins RapidDeploy Plugin
RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows a user able to control the input files for the 'RapidDeploy deployment package build' build or post-build step to have Jenkins parse a crafted file that uses external...
XXE vulnerability in Jenkins RapidDeploy Plugin
RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows a user able to control the input files for the 'RapidDeploy deployment package build' build or post-build step to have Jenkins parse a crafted file that uses external...
Stored XSS vulnerability in Jenkins RapidDeploy Plugin
RapidDeploy Plugin 4.2 and earlier does not escape package names in its displayed table of packages obtained from a remote server. This results in a stored cross-site scripting XSS vulnerability exploitable by users able to configure jobs. RapidDeploy Plugin 4.2.1 escapes package names...
GHSA-F4GQ-7HVF-FJM3 Stored XSS vulnerability in Jenkins RapidDeploy Plugin
RapidDeploy Plugin 4.2 and earlier does not escape package names in its displayed table of packages obtained from a remote server. This results in a stored cross-site scripting XSS vulnerability exploitable by users able to configure jobs. RapidDeploy Plugin 4.2.1 escapes package names...
Jenkins RapidDeploy Plugin missing permission check
A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server...
CloudBees Jenkins RapidDeploy plugin code issue vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . RapidDeploy Plugin is used in one of the...
CloudBees Jenkins RapidDeploy plugin cross-site scripting vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . RapidDeploy Plugin is used in one of the...
CVE-2020-2171
Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2020-2171
Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2020-2170
Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability...
Cross site scripting
Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability...
CVE-2020-2171
Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...