CVE-2020-2144

Severity

7.1HIGH

EPSS

0.1%

top 79.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedMar 9

Latest updateMay 24

Description

Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:NExploitability: 2.8 | Impact: 4.2

OSV

XXE vulnerability in Rundeck Plugin↗2022-05-24

▶

GHSA

XXE vulnerability in Rundeck Plugin↗2022-05-24

▶

CVEList

CVE-2020-2144: Jenkins Rundeck Plugin 3↗2020-03-09

▶

Jenkins

Jenkins Security Advisory 2020-03-09↗2020-03-09

▶