Jenkins Findbugs
By the Year
In 2024 there have been 0 vulnerabilities in Jenkins Findbugs . Findbugs did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 5.40 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 8.80 |
It may take a day or so for new Findbugs vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Findbugs Security Vulnerabilities
Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips
CVE-2020-2317
5.4 - Medium
- November 04, 2020
Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step.
XSS
Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process
CVE-2018-1000011
8.8 - High
- January 23, 2018
Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
XXE
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Jenkins Findbugs or by Jenkins? Click the Watch button to subscribe.
