Jenkins Code Coverage API vulnerabilities
3 known vulnerabilities affecting jenkins/code_coverage_api.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2021-21677 | HIGH | CVSS 8.8 | CWE-502 | ≤ 1.4.0 | 2021-08-31
Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability.
nvd
CVE-2020-2172 | MEDIUM | CVSS 6.5 | CWE-776 | ≤ 1.1.4 | 2020-04-07
Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
nvd
CVE-2020-2106 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 1.1.2 | 2020-01-29
Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users able to change job configurations.
nvd