Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8
CVE-2021-21677
- EPSS 1.2%
- Published 31.08.2021 14:15:25
- Last modified 21.11.2024 05:48:48
Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability.
6.5
CVE-2020-2172
- EPSS 0.16%
- Published 07.04.2020 13:15:13
- Last modified 21.11.2024 05:24:51
Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
5.4
CVE-2020-2106
- EPSS 0.23%
- Published 29.01.2020 16:15:12
- Last modified 21.11.2024 05:24:39
Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users able to change job configurations.
1