41 matches found
EUVD-2022-3262
Malicious code in bioql PyPI...
EUVD-2022-4489
Malicious code in bioql PyPI...
EUVD-2022-3686
Malicious code in bioql PyPI...
EUVD-2022-3921
Malicious code in bioql PyPI...
CVE-2020-2171
Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2020-2170
Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability...
CVE-2019-16570
A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server...
CVE-2019-16571
A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server...
XXE vulnerability in Jenkins RapidDeploy Plugin
RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows a user able to control the input files for the 'RapidDeploy deployment package build' build or post-build step to have Jenkins parse a crafted file that uses external...
GHSA-G7W4-R4MG-GVHX XXE vulnerability in Jenkins RapidDeploy Plugin
RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows a user able to control the input files for the 'RapidDeploy deployment package build' build or post-build step to have Jenkins parse a crafted file that uses external...
GHSA-F4GQ-7HVF-FJM3 Stored XSS vulnerability in Jenkins RapidDeploy Plugin
RapidDeploy Plugin 4.2 and earlier does not escape package names in its displayed table of packages obtained from a remote server. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users able to configure jobs. RapidDeploy Plugin 4.2.1 escapes package names...
Stored XSS vulnerability in Jenkins RapidDeploy Plugin
RapidDeploy Plugin 4.2 and earlier does not escape package names in its displayed table of packages obtained from a remote server. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users able to configure jobs. RapidDeploy Plugin 4.2.1 escapes package names...
Jenkins RapidDeploy Plugin missing permission check
A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server...
The vulnerability of the Jenkins RapidDeploy Plugin’s connected server module is related to incorrect restrictions on XML links to external objects, allowing attackers to execute XXE attacks.
The vulnerability of the Jenkins RapidDeploy Plugin’s connected server module is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to execute an XXE attack remotely...
The vulnerability of the Jenkins RapidDeploy Plugin’s connected server module, related to the lack of security measures for the website structure, allows attackers to execute cross-site scripting attacks.
The vulnerability of the Jenkins RapidDeploy Plugin’s connected server module exists due to the lack of security measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
CloudBees Jenkins RapidDeploy plugin cross-site scripting vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. RapidDeploy Plugin is used in one of the...
CloudBees Jenkins RapidDeploy plugin code issue vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. RapidDeploy Plugin is used in one of the...
CVE-2020-2170
Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability...
CVE-2020-2171
Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2020-2171
Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...