Lucene search

K
cve[email protected]CVE-2023-30526
HistoryApr 12, 2023 - 6:15 p.m.

CVE-2023-30526

2023-04-1218:15:11
CWE-862
web.nvd.nist.gov
13
cve-2023-30526
jenkins
report portal plugin
security
vulnerability
authentication
permission check
nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

40.4%

A missing permission check in Jenkins Report Portal Plugin 0.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified bearer token authentication.

Affected configurations

NVD
Node
jenkinsreport_portalRange0.5jenkins

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "Jenkins Report Portal Plugin",
    "vendor": "Jenkins Project",
    "versions": [
      {
        "lessThanOrEqual": "0.5",
        "status": "affected",
        "version": "0",
        "versionType": "maven"
      }
    ]
  }
]

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

40.4%

Related for CVE-2023-30526