Jenkins Project Jenkins Flaky Test Handler Plugin vulnerabilities

CVE-2023-40342 [MEDIUM] CWE-79 CVE-2023-40342: Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents.

CVE-2022-28140 [HIGH] CWE-611 CVE-2022-28140: Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVE-2020-2237 [MEDIUM] CWE-352 CVE-2020-2237: A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Test Handler Plugin 1.0.4 and ear A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Test Handler Plugin 1.0.4 and earlier allows attackers to rebuild a project at a previous git revision.