CVE-2020-2106
CVE-2020-2106 affects Jenkins Code Coverage API Plugin (versions ≤ 1.1.2). The vulnerability is a stored XSS: the plugin does not escape the coverage report filename in its view, enabling a user who can modify a Jenkins job configuration to inject malicious script. Exploitation context is restric...
CVE-2021-21677
CVE-2021-21677 affects Jenkins Code Coverage API Plugin for versions up to and including 1.4.0. The root cause is that the plugin does not apply Jenkins JEP-200 deserialization protection when deserializing Java objects from disk, enabling remote code execution. Connected advisories confirm the v...
CVE-2020-2172
Vulnerability summary: Jenkins Code Coverage API Plugin (versions 1.1.4 and earlier) is affected by an XXE flaw caused by an unconfigured XML parser. This could allow a user who supplies input files for the “Publish Coverage Report” step to trigger external entities, potentially exposing secrets ...