Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability.
CPE | Name | Operator | Version |
---|---|---|---|
code_coverage_api | le | 1.4.0 |