Maven package
org.jenkins-ci.plugins/rapiddeploy-jenkins
pkg:maven/org.jenkins-ci.plugins/rapiddeploy-jenkins
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-2171 | — | < 4.2.1 | 4.2.1 | Mar 25, 2020 | Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||
| CVE-2020-2170 | — | < 4.2.1 | 4.2.1 | Mar 25, 2020 | Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability. | ||
| CVE-2019-16571 | — | <= 4.1 | — | Dec 17, 2019 | A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server. | ||
| CVE-2019-16570 | — | <= 4.1 | — | Dec 17, 2019 | A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server. |
- CVE-2020-2171Mar 25, 2020affected < 4.2.1fixed 4.2.1
Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
- CVE-2020-2170Mar 25, 2020affected < 4.2.1fixed 4.2.1
Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability.
- CVE-2019-16571Dec 17, 2019affected <= 4.1
A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server.
- CVE-2019-16570Dec 17, 2019affected <= 4.1
A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server.