51 matches found
CVE-2020-2171
Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2020-2170
Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability...
Cross-site scripting
Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability...
XXE
Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2020-2171
CVE-2020-2171 affects the Jenkins RapidDeploy Plugin (versions 4.2 and earlier). The root cause is an XML parser that is not configured to disable XML external entity (XXE) processing, enabling an attacker to craft input files that may lead to secret extraction, server-side impacts, or DoS through ...
CVE-2020-2170
The CVE-2020-2170 entry concerns Jenkins RapidDeploy Plugin 4.2 and earlier, where displayed table data (package names) from a remote server is not escaped, causing a stored XSS vulnerability. Affected component: RapidDeploy Plugin’s UI rendering for the package table. Underlying issue: lack of p...
PT-2020-5053 · Jenkins · Jenkins Rapiddeploy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins RapidDeploy Plugin versions 4.2 and earlier
Description: The issue arises from the plugin not escaping package names in the table of packages obtained from a remote server, resulting in a stored cross-site scripting (XSS) vulnerability...
PT-2020-5085 · Jenkins · Jenkins Rapiddeploy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins RapidDeploy Plugin versions 4.2 and earlier
Description: The issue is related to the incorrect restriction of XML links to external objects, which can be exploited to perform an XML external entity (XXE) attack. This allows a remote...
CloudBees Jenkins RapidDeploy Plugin Authorization Issue Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release and testing projects and to run scheduled tasks. An authorization issue...
CloudBees Jenkins RapidDeploy plugin cross-site request forgery vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release and testing projects and to run scheduled tasks. A cross-site request forgery...
CVE-2019-16570
A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server...
CVE-2019-16571
A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server...