Advisories for Maven/Org.jenkins-Ci.plugins/Flaky-Test-Handler package

2023

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents.

2022

Improper Restriction of XML External Entity Reference

Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

2020

Cross-Site Request Forgery (CSRF)

A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Test Handler allows attackers to rebuild a project at a previous git revision.