17 matches found
EUVD-2022-4489
Malicious code in bioql PyPI...
EUVD-2022-3686
Malicious code in bioql PyPI...
EUVD-2022-3921
Malicious code in bioql PyPI...
CVE-2020-2171
Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2020-2170
Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability...
CVE-2019-16570
A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server...
CVE-2019-16571
A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server...
GHSA-G7W4-R4MG-GVHX
XXE vulnerability in Jenkins RapidDeploy Plugin
RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows a user able to control the input files for the 'RapidDeploy deployment package build' build or post-build step to have Jenkins parse a crafted file that uses external...
The vulnerability of the Jenkins RapidDeploy Plugin’s connected server module is related to incorrect restrictions on XML links to external objects, allowing attackers to execute XXE attacks.
The vulnerability of the Jenkins RapidDeploy Plugin’s connected server module is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to execute an XXE attack remotely...
CVE-2020-2171
Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
Cross site scripting
Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability...
CVE-2020-2170
Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability...
Information disclosure
A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server...
CVE-2019-16570
The CVE-2019-16570 entry describes a cross-site request forgery in Jenkins RapidDeploy Plugin (v4.1 and earlier). The vulnerability stems from insufficient validation, allowing an attacker to induce the target to connect to an attacker-specified web server. Affected software is the Jenkins RapidD...
CVE-2019-16570
A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server...
PT-2019-14726 · Jenkins · Jenkins Rapiddeploy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins RapidDeploy Plugin versions 4.1 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified web server. Recommendations: For Jenkins RapidDeploy...
PT-2019-14725 · Jenkins · Jenkins Rapiddeploy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins RapidDeploy Plugin version 4.1 and earlier Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified web server. Recommendations: For Jenkins RapidDeploy Plugin version 4.1 and earlier, updat...