CVE-2026-57302

Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to the Jenkins controller file system...

CVE-2026-57302

Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to the Jenkins controller file system...

CVE-2026-57302

CVE-2026-57302 affects the Jenkins FitNesse Plugin, specifically version 1.36 and earlier. The root cause is unencrypted password storage in the job config.xml files on the Jenkins controller, enabling disclosure to users with Extended Read permission or anyone with access to the controller files...

CVE-2020-2120

Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity XXE attacks...

Stored XSS vulnerability in Jenkins FitNesse Plugin

Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape report contents before showing them on the Jenkins UI. This results in a stored cross-site scripting XSS vulnerability exploitable by users able to control the XML input files processed by the plugin. Jenkins FitNesse Plugin 1.32...

XXE vulnerability in FitNesse Plugin

FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity XXE attacks. This allows a user able to control the input files for its post-build step to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins...

GHSA-C3CG-MV5W-CVW8 XXE vulnerability in FitNesse Plugin

FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity XXE attacks. This allows a user able to control the input files for its post-build step to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins...

CloudBees Jenkins FitNesse Plugin Cross-Site Scripting Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A cross-site scripting...

CVE-2020-2175

Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape report contents before showing them on the Jenkins UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by users able to control the XML input files processed by the plugin...

CVE-2020-2175

Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape report contents before showing them on the Jenkins UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by users able to control the XML input files processed by the plugin...

Cross site scripting

Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape report contents before showing them on the Jenkins UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by users able to control the XML input files processed by the plugin...

CVE-2020-2175

Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape report contents before showing them on the Jenkins UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by users able to control the XML input files processed by the plugin...

PT-2020-15388 · Jenkins · Jenkins Fitnesse Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins FitNesse Plugin versions 1.31 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs because the plugin does not correctly escape report contents before showing them on the Jenkins...

CloudBees Jenkins FitNesse plugin code issue vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A code issue vulnerability...

CVE-2020-2120

Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity XXE attacks...

Xxe

Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity XXE attacks...

CVE-2020-2120

The CVE-2020-2120 relates to Jenkins FitNesse Plugin (versions 1.30 and earlier) where the XML parser is not configured to disable external entities (XXE). This can allow crafted input files supplied to the plugin’s post-build step to trigger XXE processing, enabling potential extraction of secre...

CVE-2020-2120

Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity XXE attacks...

PT-2020-15327 · Jenkins · Jenkins Fitnesse Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins FitNesse Plugin versions 1.30 and earlier Description: The issue allows a user who can control the input files for the post-build step to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the...