4 matches found
CVE-2020-2171
CVE-2020-2171 affects the Jenkins RapidDeploy Plugin (versions 4.2 and earlier). The root cause is a configured XML parser that does not disable XML external entity (XXE) processing, enabling an attacker to craft input files that may lead to secret extraction, server-side impacts, or DoS through ...
CVE-2020-2170
The CVE-2020-2170 entry concerns Jenkins RapidDeploy Plugin 4.2 and earlier, where displayed table data (package names) from a remote server is not escaped, causing a stored XSS vulnerability. Affected component: RapidDeploy Plugin’s UI rendering for the package table. Underlying issue: lack of p...
CVE-2019-16570
The CVE-2019-16570 entry describes a cross-site request forgery in Jenkins RapidDeploy Plugin (v4.1 and earlier). The vulnerability stems from insufficient validation, allowing an attacker to induce the target to connect to an attacker-specified web server. Affected software is the Jenkins RapidD...
CVE-2019-16571
The CVE-2019-16571 issue affects Jenkins RapidDeploy Plugin 4.1 and earlier, caused by a missing permission check. This permits attackers who hold Overall/Read permissions to connect to an attacker-specified web server. The publicly documented impact is enabling connections to an attacker-control...