CVE-2020-2120

Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity XXE attacks...

Stored XSS vulnerability in Jenkins FitNesse Plugin

Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape report contents before showing them on the Jenkins UI. This results in a stored cross-site scripting XSS vulnerability exploitable by users able to control the XML input files processed by the plugin. Jenkins FitNesse Plugin 1.32...

XXE vulnerability in FitNesse Plugin

FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity XXE attacks. This allows a user able to control the input files for its post-build step to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins...

GHSA-C3CG-MV5W-CVW8 XXE vulnerability in FitNesse Plugin

FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity XXE attacks. This allows a user able to control the input files for its post-build step to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins...

CloudBees Jenkins FitNesse Plugin Cross-Site Scripting Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A cross-site scripting...

CVE-2020-2175

Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape report contents before showing them on the Jenkins UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by users able to control the XML input files processed by the plugin...

CVE-2020-2175

Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape report contents before showing them on the Jenkins UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by users able to control the XML input files processed by the plugin...

Cross site scripting

Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape report contents before showing them on the Jenkins UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by users able to control the XML input files processed by the plugin...

CVE-2020-2175

Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape report contents before showing them on the Jenkins UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by users able to control the XML input files processed by the plugin...

PT-2020-15388 · Jenkins · Jenkins Fitnesse Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins FitNesse Plugin versions 1.31 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs because the plugin does not correctly escape report contents before showing them on the Jenkins...

CloudBees Jenkins FitNesse plugin code issue vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A code issue vulnerability...

CVE-2020-2120

Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity XXE attacks...

Xxe

Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity XXE attacks...

CVE-2020-2120

Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity XXE attacks...

CVE-2020-2120

The CVE-2020-2120 relates to Jenkins FitNesse Plugin (versions 1.30 and earlier) where the XML parser is not configured to disable external entities (XXE). This can allow crafted input files supplied to the plugin’s post-build step to trigger XXE processing, enabling potential extraction of secre...

PT-2020-15327 · Jenkins · Jenkins Fitnesse Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins FitNesse Plugin versions 1.30 and earlier Description: The issue allows a user who can control the input files for the post-build step to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the...