Jenkins Junit
By the Year
In 2024 there have been 0 vulnerabilities in Jenkins Junit . Last year Junit had 1 security vulnerability published. Right now, Junit is on track to have less security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 1 | 5.40 |
2022 | 2 | 5.40 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 1 | 6.50 |
2018 | 1 | 8.30 |
It may take a day or so for new Junit vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Junit Security Vulnerabilities
Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions
CVE-2023-25761
5.4 - Medium
- February 15, 2023
Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin.
XSS
Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner
CVE-2022-45380
5.4 - Medium
- November 15, 2022
Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
XSS
Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results
CVE-2022-34176
5.4 - Medium
- June 23, 2022
Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.
XSS
A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java
CVE-2018-1000411
6.5 - Medium
- January 09, 2019
A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java that allows setting the description of a test result.
Session Riding
Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of the build process
CVE-2018-1000056
8.3 - High
- February 09, 2018
Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
XXE
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Jenkins Junit or by Jenkins? Click the Watch button to subscribe.