Lucene search
HistoryApr 12, 2023 - 6:15 p.m.
CVE-2023-30526
cve-2023-30526
jenkins
report portal plugin
security
vulnerability
authentication
permission check
nvd
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
40.4%
A missing permission check in Jenkins Report Portal Plugin 0.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified bearer token authentication.
Affected configurations
Node
jenkinsreport_portalRange≤0.5jenkins
| CPE | Name | Operator | Version |
|---|---|---|---|
| jenkins:report_portal | jenkins report portal | le | 0.5 |
CNA Affected
[
{
"defaultStatus": "unknown",
"product": "Jenkins Report Portal Plugin",
"vendor": "Jenkins Project",
"versions": [
{
"lessThanOrEqual": "0.5",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
]Related
prion
prion
Authentication flaw
2023-04-12 18:15:00
github
github
Jenkins Report Portal Plugin missing permissions check
2023-04-12 18:30:36
cvelist
cvelist
CVE-2023-30526
2023-04-12 17:05:14
osv
osv
Jenkins Report Portal Plugin missing permissions check
2023-04-12 18:30:36
nvd
nvd
CVE-2023-30526
2023-04-12 18:15:11
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
40.4%
Related for CVE-2023-30526