Jenkins: >> Code Coverage Api >> 1.0.5 Security Vulnerabilities
Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability.
CVSS Score
8.8
EPSS Score
0.021
Published
2021-08-31
Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-04-07
Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users able to change job configurations.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-01-29