17 matches found
io.jenkins.plugins:autograding (=4.2.0), io.jenkins.plugins:code-coverage-api (=4.99.0) +2 more potentially affected by CVE-2025-67641 via io.jenkins.plugins:coverage (>=1.10.0 <=2.2941.v08df75b_767f1)
io.jenkins.plugins:coverage MAVEN version =1.10.0, =-rc6.886d29ff0f4d, =67.v35d155a1ffdf, =79.v78d40e1fc27e Source cves: CVE-2025-67641 Source advisory: OSV:GHSA-V3F3-RF6R-43X5...
CVE-2024-40625
GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage REST API /workspaces/workspaceName/coveragestores/storeName/method.format allows attackers to upload files with a specified URL, when method equals 'url', with no restriction. This vulnerability is fix...
CVE-2024-40625 GeoServer Coverage REST API Allows Server Side Request Forgery
GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage REST API /workspaces/workspaceName/coveragestores/storeName/method.format allows attackers to upload files with a specified URL, when method equals 'url', with no restriction. This vulnerability is fix...
GeoServer Code Issue Vulnerability
GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A code issue vulnerability exists in GeoServer that stems from the Coverage REST API not restricting the URL for uploading files, which could lead to an attacker...
CVE-2021-21677
Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability...
CVE-2020-2106
Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users able to change job configurations...
io.jenkins.blueocean:blueocean-pipeline-scm-api (>=1.27.4 <=1.27.5.1), io.jenkins.plugins:code-coverage-api (>=4.2.0 <=4.7.0) +12 more potentially affected by CVE-2023-32977 via org.jenkins-ci.plugins.workflow:workflow-job (>=0.1-beta-1 <=1292.v27d8cc3e2602)
org.jenkins-ci.plugins.workflow:workflow-job MAVEN version =0.1-beta-1, =1.27.4, =4.2.0, =1.17.vd2468d9c5e85, =0.1-beta-1, =1.14, =1.16.4 - org.jenkins-ci.plugins:gradle =2.12.0.1 - org.jenkins-ci.plugins:inline-pipeline =1.0.3 Source cves: CVE-2023-32977 Source advisory: OSV:GHSA-2WVV-PHHW-QVMC...
io.jenkins.plugins:sonarqube-generic-coverage (=1.0), org.jenkins-ci.plugins:github-autostatus (>=4.204.vf74143795d5f <=4.259.ve0468d8b_e5f1) potentially affected by CVE-2021-21677 via io.jenkins.plugins:code-coverage-api (>=1.0.11 <=1.1.0)
io.jenkins.plugins:code-coverage-api MAVEN version =1.0.11, =4.204.vf74143795d5f, =4.259.ve0468d8be5f1 Source cves: CVE-2021-21677 Source advisory: OSV:GHSA-58PR-HPRX-7HG6...
io.jenkins.plugins:sonarqube-generic-coverage (=1.0), org.jenkins-ci.plugins:github-autostatus (>=4.204.vf74143795d5f <=4.259.ve0468d8b_e5f1) potentially affected by CVE-2020-2172 via io.jenkins.plugins:code-coverage-api (>=1.0.11 <=1.1.0)
io.jenkins.plugins:code-coverage-api MAVEN version =1.0.11, =4.204.vf74143795d5f, =4.259.ve0468d8be5f1 Source cves: CVE-2020-2172 Source advisory: OSV:GHSA-CMGM-Q8HF-P7JC...
io.jenkins.plugins:sonarqube-generic-coverage (=1.0), org.jenkins-ci.plugins:github-autostatus (>=4.204.vf74143795d5f <=4.259.ve0468d8b_e5f1) potentially affected by CVE-2020-2106 via io.jenkins.plugins:code-coverage-api (>=1.0.11 <=1.1.0)
io.jenkins.plugins:code-coverage-api MAVEN version =1.0.11, =4.204.vf74143795d5f, =4.259.ve0468d8be5f1 Source cves: CVE-2020-2106 Source advisory: OSV:GHSA-XG77-XQHQ-CRPR...
GHSA-XG77-XQHQ-CRPR Stored XSS vulnerability in Code Coverage API Plugin
Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view. This results in a stored cross-site scripting vulnerability that can be exploited by users able to change the job configuration. Code Coverage API Plugin 1.1.3 escapes the filename of...
CVE-2021-21677
CVE-2021-21677 affects Jenkins Code Coverage API Plugin for versions up to and including 1.4.0. The root cause is that the plugin does not apply Jenkins JEP-200 deserialization protection when deserializing Java objects from disk, enabling remote code execution. Connected advisories confirm the v...
CVE-2021-21677
Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability...
CloudBees Jenkins Code Coverage API Plugin XXE Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. CloudBees Jenkins Code Covera...
CVE-2020-2172
Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2020-2106
Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users able to change job configurations...
CVE-2020-2106
Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users able to change job configurations...