PT-2020-5085 · Jenkins · Jenkins RapidDeploy Plugin

Daniel Beck · Published 2020-03-25 · Updated 2023-10-25 · CVE-2020-2171

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Jenkins RapidDeploy Plugin versions 4.2 and earlier

Description: The plugin does not configure its XML parser to prevent XML external entity (XXE) attacks (improper restriction of XML external entity references). An attacker who can control the input files of the 'RapidDeploy deployment package build' build or post-build step can have Jenkins parse a crafted XML document that declares external entities, and so extract secrets from the Jenkins controller, perform server-side request forgery, or cause a denial of service. The attack requires only the ability to influence those input files; no Jenkins permission beyond that is needed (the CVSS vector's Au:S reflects this).

Recommendations: For Jenkins RapidDeploy Plugin versions 4.2 and earlier, update to version 4.2.1 or later, which disables external entity resolution for its XML parser. Until the update is applied, treat any job that feeds untrusted files into this step as exposed.
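The example below is added here to show the parser behaviour the advisory describes; it is not code from the RapidDeploy Plugin or from Jenkins. It parses a constructed deployment-package descriptor (the `<package><name>` shape and the temp-file "secret" are assumptions for illustration) with a JAXP `DocumentBuilder` left at JDK defaults, which resolves the `file:` SYSTEM entity and leaks the file contents into the element text, and then with a builder that rejects the DOCTYPE and disables external entity and DTD loading, which is the class of fix referred to above.

```java
import java.io.IOException;
import java.io.StringReader;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

public class XxeDemo {

    // Constructed, attacker-controlled descriptor. The element names are a
    // hypothetical stand-in for whatever the plugin reads from the build's
    // input files; the DOCTYPE is the attacker's addition.
    static String payload(Path secretFile) {
        return "<?xml version=\"1.0\"?>\n"
             + "<!DOCTYPE package [<!ENTITY leak SYSTEM \"" + secretFile.toUri() + "\">]>\n"
             + "<package><name>&leak;</name></package>\n";
    }

    // JDK defaults: DOCTYPE accepted, external general entities resolved, so a
    // file: (or http:) SYSTEM entity is fetched and inlined into the document.
    static DocumentBuilder vulnerableParser() throws ParserConfigurationException {
        return DocumentBuilderFactory.newInstance().newDocumentBuilder();
    }

    // Hardened: refuse any DOCTYPE (no internal or external entities at all),
    // and, as defence in depth for JAXP implementations that do not honour
    // that feature, switch off external entity and DTD loading as well.
    static DocumentBuilder hardenedParser() throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        dbf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        dbf.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        dbf.setXIncludeAware(false);
        return dbf.newDocumentBuilder();
    }

    // What a plugin would do with the descriptor: read the package name.
    static String packageName(DocumentBuilder db, String xml) throws SAXException, IOException {
        Document doc = db.parse(new InputSource(new StringReader(xml)));
        return doc.getElementsByTagName("name").item(0).getTextContent();
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for a secret on the controller's filesystem.
        Path secret = Files.createTempFile("controller-secret", ".txt");
        Files.writeString(secret, "s3cr3t-api-token");
        String xml = payload(secret);

        // The "package name" is now the contents of the secret file.
        System.out.println("vulnerable: " + packageName(vulnerableParser(), xml));

        try {
            packageName(hardenedParser(), xml);
            System.out.println("hardened: parsed (unexpected)");
        } catch (SAXException e) {
            // Xerces reports that the DOCTYPE is disallowed before any entity is touched.
            System.out.println("hardened: rejected (" + e.getMessage() + ")");
        }

        // A benign descriptor with no DOCTYPE still parses with the hardened builder.
        String benign = "<package><name>inventory-service</name></package>";
        System.out.println("hardened, benign input: " + packageName(hardenedParser(), benign));

        Files.deleteIfExists(secret);
    }
}
```

Compile and run with `javac XxeDemo.java && java XxeDemo`. The same SYSTEM entity pointed at an internal `http:` URL is the SSRF case, and a DTD with recursively nested entities is the denial-of-service case; rejecting the DOCTYPE closes all three at once, which is why it is preferable to only disabling external entities when the application never needs a DTD.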

Fix

XXE

Weakness Enumeration

Related Identifiers

BDU:2020-05675
CVE-2020-2171
GHSA-G7W4-R4MG-GVHX

Affected Products

Jenkins
Jenkins Rapiddeploy Plugin