Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    8 vulnerabilities found for rapiddeploy by jenkins

    CVE-2020-2171 (GCVE-0-2020-2171)

    Vulnerability from cvelistv5 – Published: 2020-03-25 16:05 – Updated: 2024-08-04 07:01
    VLAI
    Summary
    Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins RapidDeploy Plugin Affected: unspecified , ≤ 4.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T07:01:40.667Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1677"
              },
              {
                "name": "[oss-security] 20200325 Multiple vulnerabilities in Jenkins and Jenkins plugins",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/03/25/2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins RapidDeploy Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "lessThanOrEqual": "4.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T16:06:18.194Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1677"
            },
            {
              "name": "[oss-security] 20200325 Multiple vulnerabilities in Jenkins and Jenkins plugins",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/03/25/2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2020-2171",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins RapidDeploy Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "4.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-611: Improper Restriction of XML External Entity Reference"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1677",
                  "refsource": "CONFIRM",
                  "url": "https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1677"
                },
                {
                  "name": "[oss-security] 20200325 Multiple vulnerabilities in Jenkins and Jenkins plugins",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2020/03/25/2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2020-2171",
        "datePublished": "2020-03-25T16:05:39.000Z",
        "dateReserved": "2019-12-05T00:00:00.000Z",
        "dateUpdated": "2024-08-04T07:01:40.667Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-2170 (GCVE-0-2020-2170)

    Vulnerability from cvelistv5 – Published: 2020-03-25 16:05 – Updated: 2024-08-04 07:01
    VLAI
    Summary
    Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins RapidDeploy Plugin Affected: unspecified , ≤ 4.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T07:01:40.875Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1676"
              },
              {
                "name": "[oss-security] 20200325 Multiple vulnerabilities in Jenkins and Jenkins plugins",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/03/25/2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins RapidDeploy Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "lessThanOrEqual": "4.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T16:06:17.026Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1676"
            },
            {
              "name": "[oss-security] 20200325 Multiple vulnerabilities in Jenkins and Jenkins plugins",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/03/25/2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2020-2170",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins RapidDeploy Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "4.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1676",
                  "refsource": "CONFIRM",
                  "url": "https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1676"
                },
                {
                  "name": "[oss-security] 20200325 Multiple vulnerabilities in Jenkins and Jenkins plugins",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2020/03/25/2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2020-2170",
        "datePublished": "2020-03-25T16:05:38.000Z",
        "dateReserved": "2019-12-05T00:00:00.000Z",
        "dateUpdated": "2024-08-04T07:01:40.875Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-16571 (GCVE-0-2019-16571)

    Vulnerability from cvelistv5 – Published: 2019-12-17 14:40 – Updated: 2024-08-05 01:17
    VLAI
    Summary
    A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins RapidDeploy Plugin Affected: unspecified , ≤ 4.1 (custom)
    Unknown: next of 4.1 , < unspecified (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T01:17:41.021Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1604"
              },
              {
                "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins RapidDeploy Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "lessThanOrEqual": "4.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unknown",
                  "version": "next of 4.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T16:51:04.387Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1604"
            },
            {
              "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2019-16571",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins RapidDeploy Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "4.1"
                              },
                              {
                                "version_affected": "?\u003e",
                                "version_value": "4.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285: Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1604",
                  "refsource": "CONFIRM",
                  "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1604"
                },
                {
                  "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2019-16571",
        "datePublished": "2019-12-17T14:40:55.000Z",
        "dateReserved": "2019-09-20T00:00:00.000Z",
        "dateUpdated": "2024-08-05T01:17:41.021Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-16570 (GCVE-0-2019-16570)

    Vulnerability from cvelistv5 – Published: 2019-12-17 14:40 – Updated: 2024-08-05 01:17
    VLAI
    Summary
    A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins RapidDeploy Plugin Affected: unspecified , ≤ 4.1 (custom)
    Unknown: next of 4.1 , < unspecified (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T01:17:40.997Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1604"
              },
              {
                "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins RapidDeploy Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "lessThanOrEqual": "4.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unknown",
                  "version": "next of 4.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T16:51:03.210Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1604"
            },
            {
              "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2019-16570",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins RapidDeploy Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "4.1"
                              },
                              {
                                "version_affected": "?\u003e",
                                "version_value": "4.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352: Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1604",
                  "refsource": "CONFIRM",
                  "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1604"
                },
                {
                  "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2019-16570",
        "datePublished": "2019-12-17T14:40:54.000Z",
        "dateReserved": "2019-09-20T00:00:00.000Z",
        "dateUpdated": "2024-08-05T01:17:40.997Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-2171 (GCVE-0-2020-2171)

    Vulnerability from nvd – Published: 2020-03-25 16:05 – Updated: 2024-08-04 07:01
    VLAI
    Summary
    Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins RapidDeploy Plugin Affected: unspecified , ≤ 4.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T07:01:40.667Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1677"
              },
              {
                "name": "[oss-security] 20200325 Multiple vulnerabilities in Jenkins and Jenkins plugins",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/03/25/2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins RapidDeploy Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "lessThanOrEqual": "4.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T16:06:18.194Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1677"
            },
            {
              "name": "[oss-security] 20200325 Multiple vulnerabilities in Jenkins and Jenkins plugins",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/03/25/2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2020-2171",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins RapidDeploy Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "4.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-611: Improper Restriction of XML External Entity Reference"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1677",
                  "refsource": "CONFIRM",
                  "url": "https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1677"
                },
                {
                  "name": "[oss-security] 20200325 Multiple vulnerabilities in Jenkins and Jenkins plugins",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2020/03/25/2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2020-2171",
        "datePublished": "2020-03-25T16:05:39.000Z",
        "dateReserved": "2019-12-05T00:00:00.000Z",
        "dateUpdated": "2024-08-04T07:01:40.667Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-2170 (GCVE-0-2020-2170)

    Vulnerability from nvd – Published: 2020-03-25 16:05 – Updated: 2024-08-04 07:01
    VLAI
    Summary
    Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins RapidDeploy Plugin Affected: unspecified , ≤ 4.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T07:01:40.875Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1676"
              },
              {
                "name": "[oss-security] 20200325 Multiple vulnerabilities in Jenkins and Jenkins plugins",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/03/25/2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins RapidDeploy Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "lessThanOrEqual": "4.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T16:06:17.026Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1676"
            },
            {
              "name": "[oss-security] 20200325 Multiple vulnerabilities in Jenkins and Jenkins plugins",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/03/25/2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2020-2170",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins RapidDeploy Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "4.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1676",
                  "refsource": "CONFIRM",
                  "url": "https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1676"
                },
                {
                  "name": "[oss-security] 20200325 Multiple vulnerabilities in Jenkins and Jenkins plugins",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2020/03/25/2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2020-2170",
        "datePublished": "2020-03-25T16:05:38.000Z",
        "dateReserved": "2019-12-05T00:00:00.000Z",
        "dateUpdated": "2024-08-04T07:01:40.875Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-16571 (GCVE-0-2019-16571)

    Vulnerability from nvd – Published: 2019-12-17 14:40 – Updated: 2024-08-05 01:17
    VLAI
    Summary
    A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins RapidDeploy Plugin Affected: unspecified , ≤ 4.1 (custom)
    Unknown: next of 4.1 , < unspecified (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T01:17:41.021Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1604"
              },
              {
                "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins RapidDeploy Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "lessThanOrEqual": "4.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unknown",
                  "version": "next of 4.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T16:51:04.387Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1604"
            },
            {
              "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2019-16571",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins RapidDeploy Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "4.1"
                              },
                              {
                                "version_affected": "?\u003e",
                                "version_value": "4.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285: Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1604",
                  "refsource": "CONFIRM",
                  "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1604"
                },
                {
                  "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2019-16571",
        "datePublished": "2019-12-17T14:40:55.000Z",
        "dateReserved": "2019-09-20T00:00:00.000Z",
        "dateUpdated": "2024-08-05T01:17:41.021Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-16570 (GCVE-0-2019-16570)

    Vulnerability from nvd – Published: 2019-12-17 14:40 – Updated: 2024-08-05 01:17
    VLAI
    Summary
    A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins RapidDeploy Plugin Affected: unspecified , ≤ 4.1 (custom)
    Unknown: next of 4.1 , < unspecified (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T01:17:40.997Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1604"
              },
              {
                "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins RapidDeploy Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "lessThanOrEqual": "4.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unknown",
                  "version": "next of 4.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T16:51:03.210Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1604"
            },
            {
              "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2019-16570",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins RapidDeploy Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "4.1"
                              },
                              {
                                "version_affected": "?\u003e",
                                "version_value": "4.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352: Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1604",
                  "refsource": "CONFIRM",
                  "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1604"
                },
                {
                  "name": "[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2019-16570",
        "datePublished": "2019-12-17T14:40:54.000Z",
        "dateReserved": "2019-09-20T00:00:00.000Z",
        "dateUpdated": "2024-08-05T01:17:40.997Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }