Skip to main content

Code Coverage Api

3 CVEs product

Monthly

CVE-2021-21677 Maven HIGH PATCH This Week

Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Jenkins Java Code Coverage Api
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2020-2172 Maven MEDIUM PATCH This Month

Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Jenkins Code Coverage Api
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-2106 Maven MEDIUM PATCH This Month

Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users able to change. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Code Coverage Api
NVD
CVSS 3.1
5.4
EPSS
0.7%
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Jenkins +2
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Jenkins Code Coverage Api
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users able to change. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Code Coverage Api
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy