121 matches found
CVE-2021-21677
Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability...
CVE-2021-21677
CVE-2021-21677 affects Jenkins Code Coverage API Plugin for versions up to and including 1.4.0. The root cause is that the plugin does not apply Jenkins JEP-200 deserialization protection when deserializing Java objects from disk, enabling remote code execution. Connected advisories confirm the v...
Jenkins Code Issue Vulnerability
Jenkins is an open source application from the Jenkins project: an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. A code issue vulnerability exists in Jenkins Code Coverage API Plugin 1.4.0 and prior versions, which stems from an...
CVE-2021-24148
A business logic issue in the MStore API WordPress plugin, versions before 3.2.0, had an authentication bypass with Sign In With Apple allowing unauthenticated users to recover an authentication cookie with only an email address...
CVE-2020-15243
Affected versions of Smartstore have a missing WebApi Authentication attribute. This vulnerability affects Smartstore shops in version 4.0.0 & 4.0.1 which have installed and activated the Web API plugin. Users of Smartstore 4.0.0 and 4.0.1 must merge their repository with 4.0.x or overwrite the...
CVE-2020-15243
CVE-2020-15243 affects Smartstore 4.0.0 and 4.0.1 with the Web API plugin installed and activated, where a missing WebApi Authentication attribute creates a vulnerability. The recommended remediations are to merge the 4.0.x branch (or overwrite the SmartStore.Web.Framework in the deployed shop’s ...
com.erudika:para-jar (=1.31.0), com.erudika:para-server (=1.31.0) +82 more potentially affected by CVE-2020-5408 via org.springframework.security:spring-security-core (=5.1.0.RELEASE)
org.springframework.security:spring-security-core MAVEN version =5.1.0.RELEASE is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.security:spring-security-core and may be impacted: - com.erudika:para-jar =1.31.0 - com.erudika:para-serv...
CloudBees Jenkins ECharts API Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins (Hudson Labs) is a suite of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. ECharts API Plugin is used in one of the chart...
CloudBees Jenkins ECharts API Plugin Cross-Site Scripting Vulnerability (CNVD-2020-33741)
CloudBees Jenkins (Hudson Labs) is a suite of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. ECharts API Plugin is used in one of the chart...
CVE-2020-2193
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability...
CVE-2020-2194
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability...
Cross site scripting
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability...
CVE-2020-2194
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability...
CVE-2020-2194
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability...
PT-2020-15408 · Jenkins · Jenkins Echarts Api Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins ECharts API Plugin versions 4.7.0-3 and earlier Description: The issue results in a stored cross-site scripting vulnerability due to the failure to escape the display name of the builds in the trend chart. This can be exploited by use...
XXE
Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2020-2172
Vulnerability summary: Jenkins Code Coverage API Plugin (versions 1.1.4 and earlier) is affected by an XXE flaw caused by an unconfigured XML parser. This could allow a user who supplies input files for the “Publish Coverage Report” step to trigger external entities, potentially exposing secrets ...
CVE-2020-2172
Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
Cross site scripting
Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users able to change job configurations...
CVE-2020-2106
CVE-2020-2106 affects Jenkins Code Coverage API Plugin (versions ≤ 1.1.2). The vulnerability is a stored XSS: the plugin does not escape the coverage report filename in its view, enabling a user who can modify a Jenkins job configuration to inject malicious script. Exploitation context is restric...