Vulnerabilities
Vulnerable Software
Jenkins:  >> Fitnesse  >> 1.8.1  Security Vulnerabilities
Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to the Jenkins controller file system.
CVSS Score
4.3
EPSS Score
0.002
Published
2026-06-24
Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape report contents before showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control the XML input files processed by the plugin.
CVSS Score
5.4
EPSS Score
0.007
Published
2020-04-07
Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks.
CVSS Score
8.8
EPSS Score
0.011
Published
2020-02-12


Contact Us

Shodan ® - All rights reserved