Jenkins Flaky Test Handler
By the Year
In 2023 there have been 1 vulnerability in Jenkins Flaky Test Handler with an average score of 5.4 out of ten. Last year Flaky Test Handler had 1 security vulnerability published. At the current rates, it appears that the number of vulnerabilities last year and this year may equal out. Last year, the average CVE base score was greater by 2.70
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 1 | 5.40 |
| 2022 | 1 | 8.10 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 4.30 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Flaky Test Handler vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Flaky Test Handler Security Vulnerabilities
Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI
CVE-2023-40342
5.4 - Medium
- August 16, 2023
Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents.
XSS
Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2022-28140
8.1 - High
- March 29, 2022
Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
XXE
A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Test Handler Plugin 1.0.4 and earlier
CVE-2020-2237
4.3 - Medium
- August 12, 2020
A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Test Handler Plugin 1.0.4 and earlier allows attackers to rebuild a project at a previous git revision.
Session Riding
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Jenkins Flaky Test Handler or by Jenkins? Click the Watch button to subscribe.
