Android Lint Jenkins Android Lint

stack.watch can notify you when security vulnerabilities are reported in Jenkins Android Lint. You can add multiple products that you use with Android Lint to create your own personal software stack watcher.

By the Year

In 2020 there have been 1 vulnerability in Jenkins Android Lint with an average score of 5.4 out of ten. Last year Android Lint had 0 security vulnerabilities published. That is, 1 more vulnerability have already been reported in 2020 as compared to last year.

Year Vulnerabilities Average Score
2020 1 5.40
2019 0 0.00
2018 1 8.30

It may take a day or so for new Android Lint vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest Jenkins Android Lint Security Vulnerabilities

Jenkins Android Lint Plugin 2.6 and earlier does not escape the annotation message in tooltips

CVE-2020-2262 5.4 - Medium - September 16, 2020

Jenkins Android Lint Plugin 2.6 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step.

CVE-2020-2262 is exploitable with network access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

Jenkins Android Lint Plugin 2.5 and earlier processes XML external entities in files it parses as part of the build process

CVE-2018-1000055 8.3 - High - February 09, 2018

Jenkins Android Lint Plugin 2.5 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.

CVE-2018-1000055 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity, and a high impact on availability.

XXE