Jenkins Project Jenkins Code Coverage Api Plugin vulnerabilities
3 known vulnerabilities affecting jenkins_project/jenkins_code_coverage_api_plugin.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2021-21677 | HIGH | CVSS 8.8 | CWE-502 | ≥ unspecified, ≤ 1.4.0 | 2021-08-31
Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability.
cvelistv5, nvd
CVE-2020-2172 | MEDIUM | CVSS 6.5 | CWE-776 | ≥ unspecified, ≤ 1.1.4 | 2020-04-07
Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
cvelistv5, nvd
CVE-2020-2106 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ unspecified, ≤ 1.1.2 | 2020-01-29
Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users able to change job configurations.
cvelistv5, nvd