41 matches found
Cross-site scripting
Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability...
CVE-2020-2171
CVE-2020-2171 affects the Jenkins RapidDeploy Plugin (versions 4.2 and earlier). The root cause is an XML parser that is not configured to disable XML external entity (XXE) processing, enabling an attacker to craft input files that may lead to secret extraction, server-side impacts, or DoS through ...
CVE-2020-2171
Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2020-2170
Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability...
PT-2020-5053 · Jenkins · Jenkins Rapiddeploy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins RapidDeploy Plugin versions 4.2 and earlier. Description: The issue arises from the plugin not escaping package names in the table of packages obtained from a remote server, resulting in a stored cross-site scripting (XSS) vulnerability...
PT-2020-5085 · Jenkins · Jenkins Rapiddeploy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins RapidDeploy Plugin versions 4.2 and earlier. Description: The issue is related to the incorrect restriction of XML links to external objects, which can be exploited to perform an XML external entity (XXE) attack. This allows a remote...
CloudBees Jenkins RapidDeploy Plugin Authorization Issue Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release and testing projects and to run scheduled tasks. An authorization issue...
CVE-2019-16571
A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server...
CVE-2019-16571
A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server...
CVE-2019-16570
A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server...
CVE-2019-16570
A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server...
Cross-site request forgery (CSRF)
A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server...
Information disclosure
A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server...
CVE-2019-16571
The CVE-2019-16571 issue affects Jenkins RapidDeploy Plugin 4.1 and earlier, caused by a missing permission check. This permits attackers who hold Overall/Read permissions to connect to an attacker-specified web server. The publicly documented impact is enabling connections to an attacker-control...
CVE-2019-16571
A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server...
CVE-2019-16571
A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server...
CVE-2019-16570
A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server...
CVE-2019-16570
A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server...
CVE-2019-16570
The CVE-2019-16570 entry describes a cross-site request forgery in Jenkins RapidDeploy Plugin (v4.1 and earlier). The vulnerability stems from insufficient validation, allowing an attacker to induce the target to connect to an attacker-specified web server. Affected software is the Jenkins RapidD...
PT-2019-14725 · Jenkins · Jenkins Rapiddeploy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins RapidDeploy Plugin version 4.1 and earlier. Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified web server. Recommendations: For Jenkins RapidDeploy Plugin version 4.1 and earlier, updat...