org.jenkins-ci.plugins:junit
Maven5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.jenkins-ci.plugins:junitpage 1 of 1
- CVE-2018-1000056HIGHCVSS 8.3EG 8.3✓ Fixed in 1.242018-02-09
vulnerable: 1.0 ... 1.9 (29 versions)
Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side requ…
- CVE-2018-1000411MEDIUMCVSS 6.5EG 6.5✓ Fixed in 1.262019-01-09
vulnerable: 1.0 ... 1.9 (31 versions)
A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java that allows setting the description of a test result.
- CVE-2022-34176MEDIUMCVSS 5.4EG 5.4✓ Fixed in 1119.1121.vc43d0fc455612022-06-23
vulnerable: 1.0 ... 1119.va_a_5e9068da_d7 (74 versions)
Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.
- CVE-2022-45380MEDIUMCVSS 5.4EG 5.4✓ Fixed in 1160.vf1f01a_a_ea_b_7f2022-11-15
vulnerable: 1.0 ... 1159.v0b_396e1e07dd (84 versions)
Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Conf…
- CVE-2023-25761MEDIUMCVSS 5.4EG 5.4✓ Fixed in 1166.1168.vd6b_8042a_06de2023-02-15
vulnerable: 1.0 ... 1166.va_436e268e972 (86 versions)
Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class n…
Check whether org.jenkins-ci.plugins:junit is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.jenkins-ci.plugins:junit CVEs against the assets you own.
Start Free Scan →