GHSA-qgw9-vgrf-h723

Опубликовано: 12 апр. 2023

Источник: github

Github: Прошло ревью

CVSS3: 4.3

Описание

Jenkins Report Portal Plugin allows users with Item/Extended Read permission to view tokens on Jenkins controller

Jenkins Report Portal Plugin 0.5 and earlier stores ReportPortal access tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration.

These tokens can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

Additionally, the configuration form does not mask these tokens, increasing the potential for attackers to observe and capture them.

Ссылки

Пакеты

Наименование

org.jenkins-ci.plugins:reportportal

maven

Затронутые версииВерсия исправления

<= 0.5

Отсутствует

EPSS

Процентиль: 19%

0.0006

Низкий

4.3 Medium

CVSS3

CVE ID

CVE-2023-30523

Дефекты

CWE-312

Связанные уязвимости

CVE-2023-30523

CVSS3: 4.3

nvd

почти 3 года назад

Jenkins Report Portal Plugin 0.5 and earlier stores ReportPortal access tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

EPSS

Процентиль: 19%

0.0006

Низкий

4.3 Medium

CVSS3

CVE ID

CVE-2023-30523

Дефекты

CWE-312