31 matches found

Veracode
added 2025/12/13 5:7 a.m. | 3 views

Cross-site Scripting (XSS)

Jenkins Coverage Plugin is vulnerable to a stored Cross-Site Scripting. The vulnerability is caused by missing validation of the coverage results ID when configured via the REST API, allowing attackers with Item/Configure permission to inject a javascript: URL that executes in users’ browsers...

CVSS 8 | AI score 5.9 | EPSS 0.00024
Exploits 0 | References 3 | Affected Software 1

vulnersOsv
added 2025/12/10 6:30 p.m. | 1 view

io.jenkins.plugins:coverage-badges-extension (>=157.vf5d725246222 <=197.vb_390173d00ec) potentially affected by CVE-2025-67641 via io.jenkins.plugins:coverage (>=2.1.0 <=2.2941.v08df75b_767f1)

io.jenkins.plugins:coverage MAVEN version =2.1.0, =157.vf5d725246222, =197.vb390173d00ec Source cves: CVE-2025-67641 Source advisory: SNYK:JAVA-IOJENKINSPLUGINS-14383149...

CVSS 8 | AI score 5.8 | EPSS 0.00024
Exploits 0

Github Security Blog
added 2025/12/10 6:30 p.m. | 68 views

Jenkins Coverage Plugin has a stored cross-site scripting (XSS) vulnerability

Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission to use a javascript: scheme URL as identifier ...

CVSS 8 | AI score 6 | EPSS 0.00024
Exploits 0 | References 4 | Affected Software 1

EUVD
added 2025/12/10 6:30 p.m. | 2 views

EUVD-2025-202455

Jenkins Coverage Plugin has a stored cross-site scripting (XSS) vulnerability...

CVSS 8 | AI score 5.2 | EPSS 0.00024
Exploits 0 | References 3

Snyk
added 2025/12/10 6:30 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: io.jenkins.plugins:coverage collects reports of code coverage or mutation coverage tools and visualizes the results. It has support for the following report formats: JaCoCo, Cobertura, and PIT. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via improper...

CVSS 8.5 | AI score 5.4 | EPSS 0.00024
Exploits 0 | References 2

OSV
added 2025/12/10 6:30 p.m. | 3 views

GHSA-V3F3-RF6R-43X5 Jenkins Coverage Plugin has a stored cross-site scripting (XSS) vulnerability

Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission to use a javascript: scheme URL as identifier ...

CVSS 8 | AI score 5.9 | EPSS 0.00024
Exploits 0 | References 4

OSV
added 2025/12/10 5:15 p.m. | 1 view

CVE-2025-67641

Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission to use a javascript: scheme URL as identifier ...

CVSS 5.4 | AI score 5.6
Exploits 0 | References 1

NVD
added 2025/12/10 5:15 p.m. | 2 views

CVE-2025-67641

Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission to use a javascript: scheme URL as identifier ...

CVSS 8 | EPSS 0.00024
Exploits 0 | References 1

CVE
added 2025/12/10 4:50 p.m. | 12 views

CVE-2025-67641

The CVE-2025-67641 entry concerns the Jenkins Coverage Plugin (versions 2.3054.ve1ff7b_a_a_123b_ and earlier). The root cause is insufficient validation of the configured coverage results ID when creating coverage results, with validation only occurring during UI-based job configuration, enabling...

CVSS 8 | AI score 5.5 | EPSS 0.00024
Exploits 0 | References 1 | Affected Software 1

AlpineLinux
added 2025/12/10 4:50 p.m. | 2 views

CVE-2025-67641

Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission to use a javascript: scheme URL as identifier ...

CVSS 8 | AI score 6.1 | EPSS 0.00024
Exploits 0 | References 1

Vulnrichment
added 2025/12/10 4:50 p.m. | 3 views

CVE-2025-67641

Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission to use a javascript: scheme URL as identifier ...

AI score 5.5 | EPSS 0.00024
Exploits 0 | References 1

Cvelist
added 2025/12/10 4:50 p.m. | 25 views

CVE-2025-67641

Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission to use a javascript: scheme URL as identifier ...

EPSS 0.00024
Exploits 0 | References 1

CNNVD
added 2025/12/10 12:0 a.m. | 3 views

Jenkins Coverage Plugin Security Vulnerability

Jenkins Coverage Plugin is an open source plugin for Jenkins. A security vulnerability exists in Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and prior versions, which stems from an unvalidated configured Coverage Result ID, and could lead to a stored cross-site scripting vulnerability...

CVSS 8 | AI score 5.7 | EPSS 0.00024
Exploits 0 | References 2

Tenable Nessus
added 2025/12/10 12:0 a.m. | 8 views

Jenkins plugins Multiple Vulnerabilities (2025-12-10)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage result...

CVSS 8 | AI score 5.9 | EPSS 0.02585
Exploits 0 | References 7

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-3596

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.00155
Exploits 0 | References 5

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2022-5780

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.6 | EPSS 0.00195
Exploits 0 | References 5

OSV
added 2022/10/19 7:0 p.m. | 16 views

GHSA-MFCW-83QG-4VW3 Agent-to-controller security bypass vulnerability in Jenkins Compuware Xpediter Code Coverage Plugin

Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed. It allows attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. This vulnerability...

CVSS 4.3 | AI score 5.7 | EPSS 0.01368
Exploits 0 | References 5

Github Security Blog
added 2022/10/19 7:0 p.m. | 14 views

Agent-to-controller security bypass vulnerability in Jenkins Compuware Xpediter Code Coverage Plugin

Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed. It allows attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. This vulnerability...

CVSS 5.3 | AI score 5.9 | EPSS 0.01368
Exploits 0 | References 5 | Affected Software 1

Prion
added 2022/10/19 4:15 p.m. | 11 views

Design/Logic Flaw

Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process...

CVSS 5 | AI score 5.2 | EPSS 0.01368
Exploits 0 | References 2 | Affected Software 1

CNNVD
added 2022/10/19 12:0 a.m. | 1 view

Jenkins Compuware Xpediter Code Coverage Plugin Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 5.3 | AI score 5.8 | EPSS 0.01368
Exploits 0 | References 5