5 matches found
CVE-2026-57302
Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to the Jenkins controller file system...
CVE-2020-2120
Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity XXE attacks...
CVE-2020-2120
Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity XXE attacks...
Xxe
Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity XXE attacks...
CVE-2020-2120
Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity XXE attacks...