
122 matches found

vulnersOsv
added 2022/05/24 7:12 p.m. · 0 views

io.jenkins.plugins:sonarqube-generic-coverage (=1.0), org.jenkins-ci.plugins:github-autostatus (>=4.204.vf74143795d5f <=4.259.ve0468d8b_e5f1) potentially affected by CVE-2021-21677 via io.jenkins.plugins:code-coverage-api (>=1.0.11 <=1.1.0)

io.jenkins.plugins:code-coverage-api MAVEN version =1.0.11, =4.204.vf74143795d5f, =4.259.ve0468d8be5f1 Source cves: CVE-2021-21677 Source advisory: OSV:GHSA-58PR-HPRX-7HG6...

CVSS 8.8 · AI score 7.2 · EPSS 0.01198
Exploits: 0
Github Security Blog
added 2022/05/24 7:12 p.m. · 20 views

RCE vulnerability in Jenkins Code Coverage API Plugin

Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply JEP-200 deserialization protection to Java objects it deserializes from disk. This results in a remote code execution (RCE) vulnerability exploitable by attackers able to control agent processes. Jenkins Code Coverage API Plugin 1.4....

CVSS 8.8 · AI score 9 · EPSS 0.01198
Exploits: 0 · References: 5 · Affected Software: 1
vulnersOsv
added 2022/05/24 5:13 p.m. · 1 views

io.jenkins.plugins:sonarqube-generic-coverage (=1.0), org.jenkins-ci.plugins:github-autostatus (>=4.204.vf74143795d5f <=4.259.ve0468d8b_e5f1) potentially affected by CVE-2020-2172 via io.jenkins.plugins:code-coverage-api (>=1.0.11 <=1.1.0)

io.jenkins.plugins:code-coverage-api MAVEN version =1.0.11, =4.204.vf74143795d5f, =4.259.ve0468d8be5f1 Source cves: CVE-2020-2172 Source advisory: OSV:GHSA-CMGM-Q8HF-P7JC...

CVSS 6.5 · AI score 6.8 · EPSS 0.00155
Exploits: 0
OSV
added 2022/05/24 5:13 p.m. · 0 views

GHSA-CMGM-Q8HF-P7JC XXE vulnerability in Jenkins Code Coverage API Plugin

Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows a user able to control the input files for the "Publish Coverage Report" post-build step to have Jenkins parse a crafted file that uses external entities for...

CVSS 7.1 · AI score 5.9 · EPSS 0.00155
Exploits: 0 · References: 5
Github Security Blog
added 2022/05/24 5:13 p.m. · 27 views

XXE vulnerability in Jenkins Code Coverage API Plugin

Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows a user able to control the input files for the "Publish Coverage Report" post-build step to have Jenkins parse a crafted file that uses external entities for...

CVSS 6.5 · AI score 6.3 · EPSS 0.00155
Exploits: 0 · References: 5 · Affected Software: 1
vulnersOsv
added 2022/05/24 5:7 p.m. · 1 views

io.jenkins.plugins:sonarqube-generic-coverage (=1.0), org.jenkins-ci.plugins:github-autostatus (>=4.204.vf74143795d5f <=4.259.ve0468d8b_e5f1) potentially affected by CVE-2020-2106 via io.jenkins.plugins:code-coverage-api (>=1.0.11 <=1.1.0)

io.jenkins.plugins:code-coverage-api MAVEN version =1.0.11, =4.204.vf74143795d5f, =4.259.ve0468d8be5f1 Source cves: CVE-2020-2106 Source advisory: OSV:GHSA-XG77-XQHQ-CRPR...

CVSS 5.4 · AI score 6 · EPSS 0.00195
Exploits: 0
Github Security Blog
added 2022/05/24 5:7 p.m. · 21 views

Stored XSS vulnerability in Code Coverage API Plugin

Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view. This results in a stored cross-site scripting vulnerability that can be exploited by users able to change the job configuration. Code Coverage API Plugin 1.1.3 escapes the filename of...

CVSS 5.4 · AI score 5.5 · EPSS 0.00195
Exploits: 0 · References: 5 · Affected Software: 1
OSV
added 2022/05/24 5:7 p.m. · 0 views

GHSA-XG77-XQHQ-CRPR Stored XSS vulnerability in Code Coverage API Plugin

Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view. This results in a stored cross-site scripting vulnerability that can be exploited by users able to change the job configuration. Code Coverage API Plugin 1.1.3 escapes the filename of...

CVSS 5.4 · AI score 5.9 · EPSS 0.00195
Exploits: 0 · References: 5
Kitploit
added 2022/05/23 9:30 p.m. · 30 views

Frelatage - The Python Fuzzer That The World Deserves

pip3 install frelatage. Current release: 0.0.7. Frelatage is a coverage-based Python fuzzing library which can be used to fuzz Python code. The development of Frelatage was inspired by various other fuzzers, including AFL/AFL++, Atheris and PythonFuzz. The main purpose of the project is to take...

AI score 7
Exploits: 0 · References: 13
Trellix
added 2021/09/16 12:0 a.m. · 32 views

Finding 0-days with Jackalope

ARCHIVED STORY. Finding 0-days with Jackalope. By Douglas McKee · September 16, 2021. Overview: On March 21st, 2021, the McAfee Enterprise Advanced Threat Research (ATR) team released several vulnerabilities it discovered in the Netop Vision Pro Education software, a popular schooling software used by...

AI score 6.9 · EPSS 0.00133
Exploits: 1
OSV
added 2021/08/31 2:15 p.m. · 18 views

CVE-2021-21677

Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability...

CVSS 8.8 · AI score 7.8
Exploits: 0 · References: 2
NVD
added 2021/08/31 2:15 p.m. · 14 views

CVE-2021-21677

Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability...

CVSS 8.8 · EPSS 0.01198
Exploits: 0 · References: 2
Prion
added 2021/08/31 2:15 p.m. · 14 views

Remote code execution

Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability...

CVSS 6.5 · AI score 9 · EPSS 0.01198
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2021/08/31 1:50 p.m. · 16 views

CVE-2021-21677

Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability...

AI score 9.3 · EPSS 0.01198
Exploits: 0 · References: 2
CVE
added 2021/08/31 1:50 p.m. · 69 views

CVE-2021-21677

CVE-2021-21677 affects Jenkins Code Coverage API Plugin for versions up to and including 1.4.0. The root cause is that the plugin does not apply Jenkins JEP-200 deserialization protection when deserializing Java objects from disk, enabling remote code execution. Connected advisories confirm the v...

CVSS 8.8 · AI score 9.1 · EPSS 0.01198
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2021/08/31 12:0 a.m. · 2 views

PT-2021-14720 · Jenkins · Jenkins Code Coverage Api Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Code Coverage API Plugin versions 1.4.0 and earlier Description: The issue results from the Jenkins Code Coverage API Plugin not applying Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk. This leads...

CVSS 8.8 · AI score 9 · EPSS 0.01198
Exploits: 0 · References: 8
CNNVD
added 2021/08/31 12:0 a.m. · 1 views

Jenkins Code Issue Vulnerability

Jenkins is an open source application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. A code issue vulnerability exists in Jenkins Code Coverage API Plugin 1.4.0 and prior versions, which stems from an...

CVSS 8.8 · AI score 8.1 · EPSS 0.01198
Exploits: 0 · References: 3
OSV
added 2021/06/23 6:0 p.m. · 16 views

GHSA-QVP4-RPMR-XWRR Possible bypass of token claim validation when OAuth2 Introspection caching is enabled

Impact: When you make a request to an endpoint that requires the scope foo using an access token granted with that foo scope, introspection will be valid and that token will be cached. The problem comes when a second request to an endpoint that requires the scope bar is made before the cache has...

CVSS 7.5 · AI score 7.4 · EPSS 0.00308
Exploits: 0 · References: 1
Gitee
added 2020/08/06 10:18 a.m. · 2 views

aflnet

It is an offensive tool for Network protocols. The repository contains a greybox fuzzer for protocol implementations, named AFLNet. It takes a mutational approach and uses state-feedback, in addition to code-coverage feedback, to guide the fuzzing process. AFLNet is seeded with a corpus of record...

AI score 7.1
Exploits: 0
CNVD
added 2020/04/08 12:0 a.m. · 0 views

CloudBees Jenkins Code Coverage API Plugin XXE Vulnerability

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. CloudBees Jenkins Code Covera...

CVSS 6.5 · AI score 7 · EPSS 0.00155
Exploits: 0