CVE-2020-2170

CWE-79 — Cross-site Scripting (XSS)5 documents5 sources

Severity

5.4MEDIUM

EPSS

0.2%

top 53.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Rapiddeploy Plugin Jenkins Rapiddeploy

Timeline

PublishedMar 25

Latest updateMay 24

Description

Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶Mavenorg.jenkins-ci.plugins:rapiddeploy-jenkins< 4.2.1

▶CVEListV5jenkins_project/jenkins_rapiddeploy_pluginunspecified — 4.2

▶NVDjenkins/rapiddeploy4.2

🔴Vulnerability Details

OSV

Stored XSS vulnerability in Jenkins RapidDeploy Plugin↗2022-05-24

▶

GHSA

Stored XSS vulnerability in Jenkins RapidDeploy Plugin↗2022-05-24

▶

CVEList

CVE-2020-2170: Jenkins RapidDeploy Plugin 4↗2020-03-25

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2020-03-25↗2020-03-25

▶