CVE-2020-2144
published 2020-03-09CVE-2020-2144: Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
high7.1CVSS 3.1
AVNACLPRLUINSUCHILAN
Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Affected
27 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | audit_trail_plugin | — | — |
| jenkins | backlog_plugin | — | — |
| jenkins | cobertura_plugin | — | — |
| jenkins | credentials_plugin | — | — |
| jenkins | cryptomove_plugin | — | — |
| jenkins | deployhub_plugin | — | — |
| jenkins | git_plugin | — | — |
| jenkins | literate_plugin | — | — |
| jenkins | logstash_plugin | — | — |
| jenkins | mac_cloud_host_launched_by_the_plugin | — | — |
| jenkins | mac_plugin | — | — |
| jenkins | openshift_deployer_plugin | — | — |
| jenkins | p4_plugin | — | — |
| jenkins | quality_gates_plugin | — | — |
| jenkins | repository_connector_plugin | — | — |
| jenkins | rundeck | <= 3.6.6 | — |
| jenkins | rundeck_plugin | — | — |
| jenkins | sandbox_protection_in_script_security_plugin | — | — |
| jenkins | script_security_plugin | — | — |
| jenkins | skytap_cloud_ci_plugin | — | — |
| jenkins | sonar_quality_gates_plugin | — | — |
| jenkins | subversion_release_manager_plugin | — | — |
| jenkins | timestamper_plugin | — | — |
| jenkins | yaml_input_files_to_literate_plugin | — | — |
| jenkins | zephyr_enterprise_test_management_plugin | — | — |