Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to change job configurations.
Vulnerable Product |
---|
jenkins code coverage api |