) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
Search Parameters:
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:jenkins:code_coverage_api:1.0.5:*:*:*:*:jenkins:*:*
- CPE Name Search: true
There are 3 matching records.
Displaying matches 1 through 3.
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2021-21677 |
Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability. Published: August 31, 2021; 10:15:25 AM -0400 |
V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2020-2172 |
Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Published: April 07, 2020; 9:15:13 AM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2020-2106 |
Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users able to change job configurations. Published: January 29, 2020; 11:15:12 AM -0500 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |