31 matches found
Cross-site Scripting (XSS)
Jenkins Coverage Plugin is vulnerable to a stored Cross-Site Scripting. The vulnerability is caused by missing validation of the coverage results ID when configured via the REST API, allowing attackers with Item/Configure permission to inject a javascript: URL that executes in users’ browsers...
GHSA-V3F3-RF6R-43X5 Jenkins Coverage Plugin has a stored cross-site scripting (XSS) vulnerability
Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission to use a javascript: scheme URL as identifier ...
Cross-site Scripting (XSS)
Overview io.jenkins.plugins:coverage is a Collects reports of code coverage or mutation coverage tools and visualizes the results. It has support for the following report formats: JaCoCo, Cobertura, and PIT. Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper...
EUVD-2025-202455
Jenkins Coverage Plugin has a stored cross-site scripting XSS vulnerability...
io.jenkins.plugins:coverage-badges-extension (>=157.vf5d725246222 <=197.vb_390173d00ec) potentially affected by CVE-2025-67641 via io.jenkins.plugins:coverage (>=2.1.0 <=2.2941.v08df75b_767f1)
io.jenkins.plugins:coverage MAVEN version =2.1.0, =157.vf5d725246222, =197.vb390173d00ec Source cves: CVE-2025-67641 Source advisory: SNYK:JAVA-IOJENKINSPLUGINS-14383149...
Jenkins Coverage Plugin has a stored cross-site scripting (XSS) vulnerability
Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission to use a javascript: scheme URL as identifier ...
CVE-2025-67641
Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission to use a javascript: scheme URL as identifier ...
CVE-2025-67641
Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission to use a javascript: scheme URL as identifier ...
CVE-2025-67641
Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission to use a javascript: scheme URL as identifier ...
CVE-2025-67641
The CVE-2025-67641 entry concerns the Jenkins Coverage Plugin (versions 2.3054.ve1ff7b_a_a_123b_ and earlier). The root cause is insufficient validation of the configured coverage results ID when creating coverage results, with validation only occurring during UI-based job configuration, enabling...
CVE-2025-67641
Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission to use a javascript: scheme URL as identifier ...
CVE-2025-67641
Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission to use a javascript: scheme URL as identifier ...
Jenkins plugins Multiple Vulnerabilities (2025-12-10)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage result...
Jenkins Coverage Plugin 安全漏洞
Jenkins Coverage Plugin is an open source plugin for Jenkins. A security vulnerability exists in Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and prior versions, which stems from an unvalidated configured Coverage Result ID, and could lead to a stored cross-site scripting vulnerability...
EUVD-2022-5780
Malicious code in bioql PyPI...
EUVD-2022-3596
Malicious code in bioql PyPI...
GHSA-MFCW-83QG-4VW3 Agent-to-controller security bypass vulnerability in Jenkins Compuware Xpediter Code Coverage Plugin
Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed. It allows attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. This vulnerability...
Agent-to-controller security bypass vulnerability in Jenkins Compuware Xpediter Code Coverage Plugin
Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed. It allows attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. This vulnerability...
Design/Logic Flaw
Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process...
CVE-2022-43424
Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process...