Maven package
org.jenkins-ci.plugins/junit
pkg:maven/org.jenkins-ci.plugins/junit
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-25761 | — | < 1166.1168.vd6b_8042a_06de | 1166.1168.vd6b_8042a_06de | Feb 15, 2023 | Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by | ||
| CVE-2022-45380 | — | < 1160.vf1f01a_a_ea_b_7f | 1160.vf1f01a_a_ea_b_7f | Nov 15, 2022 | Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||
| CVE-2022-34176 | — | < 1119.1121.vc43d0fc45561 | 1119.1121.vc43d0fc45561 | Jun 22, 2022 | Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission. | ||
| CVE-2018-1000411 | — | < 1.26 | 1.26 | Jan 9, 2019 | A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java that allows setting the description of a test result. | ||
| CVE-2018-1000056 | — | < 1.24 | 1.24 | Feb 9, 2018 | Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks |
- CVE-2023-25761Feb 15, 2023affected < 1166.1168.vd6b_8042a_06defixed 1166.1168.vd6b_8042a_06de
Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by
- CVE-2022-45380Nov 15, 2022affected < 1160.vf1f01a_a_ea_b_7ffixed 1160.vf1f01a_a_ea_b_7f
Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
- CVE-2022-34176Jun 22, 2022affected < 1119.1121.vc43d0fc45561fixed 1119.1121.vc43d0fc45561
Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.
- CVE-2018-1000411Jan 9, 2019affected < 1.26fixed 1.26
A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java that allows setting the description of a test result.
- CVE-2018-1000056Feb 9, 2018affected < 1.24fixed 1.24
Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks