jenkins_fitnesse

1.30

MAJOR_MINOR 1 CVE

unspecified

OTHER 2 CVEs

1.31

MAJOR_MINOR 1 CVE

CVE-2020-2175

Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape report contents before showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control the XML input files processed by the plugin.

UNKNOWN Apr 07, 2020

CVE-2020-2120

Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks.

UNKNOWN Feb 12, 2020