2 matches found
io.jenkins.plugins:sonarqube-generic-coverage (=1.0), org.jenkins-ci.plugins:github-autostatus (>=4.204.vf74143795d5f <=4.259.ve0468d8b_e5f1) potentially affected by CVE-2020-2106 via io.jenkins.plugins:code-coverage-api (>=1.0.11 <=1.1.0)
io.jenkins.plugins:code-coverage-api MAVEN version =1.0.11, =4.204.vf74143795d5f, =4.259.ve0468d8be5f1 Source cves: CVE-2020-2106 Source advisory: OSV:GHSA-XG77-XQHQ-CRPR...
CVE-2020-2106
CVE-2020-2106 affects Jenkins Code Coverage API Plugin (versions ≤ 1.1.2). The vulnerability is a stored XSS: the plugin does not escape the coverage report filename in its view, enabling a user who can modify a Jenkins job configuration to inject malicious script. Exploitation context is restric...