CVE-2020-2171 — XML External Entity (XXE) Injection in Project Jenkins Rapiddeploy Plugin

Severity

8.8HIGHNVD

EPSS

0.1%

top 67.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedMar 25

Latest updateMay 24

Description

Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

OSV

XXE vulnerability in Jenkins RapidDeploy Plugin↗2022-05-24

▶

GHSA

XXE vulnerability in Jenkins RapidDeploy Plugin↗2022-05-24

▶

CVEList

CVE-2020-2171: Jenkins RapidDeploy Plugin 4↗2020-03-25

▶

Jenkins

Jenkins Security Advisory 2020-03-25↗2020-03-25

▶