Junit Jenkins Junit

Do you want an email whenever new security vulnerabilities are reported in Jenkins Junit?

By the Year

In 2023 there have been 1 vulnerability in Jenkins Junit with an average score of 5.4 out of ten. Last year Junit had 2 security vulnerabilities published. Right now, Junit is on track to have less security vulnerabilities in 2023 than it did last year. Interestingly, the average vulnerability score and the number of vulnerabilities for 2023 and last year was the same.

Year Vulnerabilities Average Score
2023 1 5.40
2022 2 5.40
2021 0 0.00
2020 0 0.00
2019 1 6.50
2018 1 8.30

It may take a day or so for new Junit vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Jenkins Junit Security Vulnerabilities

Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions

CVE-2023-25761 5.4 - Medium - February 15, 2023

Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin.

XSS

Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner

CVE-2022-45380 5.4 - Medium - November 15, 2022

Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

XSS

Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results

CVE-2022-34176 5.4 - Medium - June 23, 2022

Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.

XSS

A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java

CVE-2018-1000411 6.5 - Medium - January 09, 2019

A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java that allows setting the description of a test result.

Session Riding

Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of the build process

CVE-2018-1000056 8.3 - High - February 09, 2018

Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.

XXE

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Jenkins Junit or by Jenkins? Click the Watch button to subscribe.

Jenkins
Vendor

Jenkins Junit
Product

subscribe