20 matches found
EUVD-2022-5393
Malicious code in bioql PyPI...
EUVD-2022-4530
Malicious code in bioql PyPI...
XXE vulnerability in Jenkins Cobertura Plugin
Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows a user able to control the input files for the 'Publish Cobertura Coverage Report' post-build step to have Jenkins parse a crafted file that uses external entities for...
GHSA-VPFJ-5GG5-FVFM XXE vulnerability in Jenkins Cobertura Plugin
Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows a user able to control the input files for the 'Publish Cobertura Coverage Report' post-build step to have Jenkins parse a crafted file that uses external entities for...
GHSA-M935-CHFP-9F63 Arbitrary file write vulnerability in Jenkins Cobertura Plugin
An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system. Cobertura Plugin 1.16 sanitizes the file paths to prevent escape from the base directory...
Arbitrary file write vulnerability in Jenkins Cobertura Plugin
An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system. Cobertura Plugin 1.16 sanitizes the file paths to prevent escape from the base directory...
CVE-2020-2138
Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2020-2139
An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system...
CloudBees Jenkins Cobertura plugin code issue vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/test projects and some scheduled tasks. Cobertura Plugin is used in one of the...
Cobertura Plugin File Execution Vulnerability
Cobertura is an open source tool that measures test coverage by inspecting the underlying code and observing what code is and is not executed when the test package is run. Cobertura Plugin has a file execution vulnerability that can be exploited by remote attackers with the help of specially...
CVE-2020-2139
An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system...
CVE-2020-2139
An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system...
CVE-2020-2138
Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
XXE
Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
Arbitrary file deletion
An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system...
CVE-2020-2139
The CVE concerns Jenkins Cobertura Plugin versions 1.15 and earlier, where an arbitrary file write vulnerability lets attackers who can control the coverage report file contents overwrite arbitrary files on the Jenkins master filesystem. The root cause is the plugin’s path handling not preventing...
CVE-2020-2139
An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system...
CVE-2020-2138
The CVE-2020-2138 issue concerns Jenkins Cobertura Plugin versions 1.15 and earlier, where the XML parser was not configured to prevent XML External Entity (XXE) attacks. The vulnerability allows a user who can control input files for the Publish Cobertura Coverage Report step to cause the Jenkin...
CVE-2020-2138
Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
PT-2020-15349 · Jenkins · Jenkins Cobertura Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Cobertura Plugin versions 1.15 and earlier Description: The issue allows a user who can control the input files for the 'Publish Cobertura Coverage Report' post-build step to have Jenkins parse a crafted file that uses external...