Maven package
org.jenkins-ci.plugins/rapiddeploy-jenkins
pkg:maven/org.jenkins-ci.plugins/rapiddeploy-jenkins
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-2171 | Hig | 8.8 | < 4.2.1 | 4.2.1 | Mar 25, 2020 | Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |
| CVE-2020-2170 | Med | 5.4 | < 4.2.1 | 4.2.1 | Mar 25, 2020 | Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability. | |
| CVE-2019-16571 | Med | 4.3 | <= 4.1 | — | Dec 17, 2019 | A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server. | |
| CVE-2019-16570 | Hig | 8.8 | <= 4.1 | — | Dec 17, 2019 | A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server. |
- affected < 4.2.1fixed 4.2.1
Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
- affected < 4.2.1fixed 4.2.1
Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability.
- affected <= 4.1
A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server.
- affected <= 4.1
A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server.