CNNVD-202512-1955 Information

CNNVD ID

CNNVD-202512-1955

Related CVE

CVE-2025-67641

• CNNVD Published: 2025-12-10

Description (Chinese)

Jenkins Coverage Plugin是Jenkins开源的一个插件。 Jenkins Coverage Plugin 2.3054.ve1ff7b_a_a_123b_及之前版本存在安全漏洞，该漏洞源于未验证配置的覆盖率结果ID，可能导致存储型跨站脚本漏洞。

Description (English)

Jenkins Coverage Plugin is an open-source plugin for Jenkins. Jenkins Coverage Plugin 2.3054.ve1ff7b a a 123b and previous versions contain a security loophole that originates from unverified configuration coverage result ID and may lead to storage-type cross-site script holes.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Jenkins

Published

2025-12-10

Last Modified

2026-02-24

References

https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-3611 https://vigilance.fr/vulnerability/Jenkins-Plugins-multiple-vulnerabilities-dated-10-12-2025-49059

Patch

https://plugins.jenkins.io/coverage/