Jenkins Metrics Plugin Security Vulnerabilities
Jenkins Visual Studio Code Metrics Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE)...
8.2CVSS
8.2AI Score
0.001EPSS
Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update...
5.4CVSS
5.3AI Score
0.001EPSS
Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to...
4.3CVSS
4.3AI Score
0.001EPSS
Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file...
5.5CVSS
5.2AI Score
0.0004EPSS
A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this...
6.1CVSS
5.9AI Score
0.973EPSS