3 matches found
io.jenkins.plugins:sonarqube-generic-coverage (=1.0), org.jenkins-ci.plugins:github-autostatus (>=4.204.vf74143795d5f <=4.259.ve0468d8b_e5f1) potentially affected by CVE-2020-2172 via io.jenkins.plugins:code-coverage-api (>=1.0.11 <=1.1.0)
io.jenkins.plugins:code-coverage-api MAVEN version =1.0.11, =4.204.vf74143795d5f, =4.259.ve0468d8be5f1 Source cves: CVE-2020-2172 Source advisory: OSV:GHSA-CMGM-Q8HF-P7JC...
CVE-2020-2172
Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2020-2172
Vulnerability summary: Jenkins Code Coverage API Plugin (versions 1.1.4 and earlier) is affected by an XXE flaw caused by an unconfigured XML parser. This could allow a user who supplies input files for the “Publish Coverage Report” step to trigger external entities, potentially exposing secrets ...