CVE-2020-2170

Name of the Vulnerable Software and Affected Versions Jenkins RapidDeploy Plugin versions 4.2 and earlier

Description The issue arises from the plugin not escaping package names in the table of packages obtained from a remote server, resulting in a stored cross-site scripting (XSS) vulnerability. This could allow a remote attacker to perform cross-site scripting attacks. The vulnerability is exploitable by users who can configure jobs.

Recommendations For Jenkins RapidDeploy Plugin versions 4.2 and earlier, update to version 4.2.1 or later, which escapes package names and resolves the issue.