59 matches found
CVE-2020-12642
An issue was discovered in service-api before 4.3.12 and 5.x before 5.1.1 for Report Portal. It allows XXE, with resultant secrets disclosure and SSRF, via JUnit XML launch import...
EUVD-2023-1329
Malicious code in bioql PyPI...
EUVD-2023-1377
Malicious code in bioql PyPI...
EUVD-2023-1266
Malicious code in bioql PyPI...
EUVD-2023-1265
Malicious code in bioql PyPI...
CVE-2023-30524
Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPortal access tokens displayed on the configuration form, increasing the potential for attackers to observe and capture them...
CVE-2023-30525
A cross-site request forgery CSRF vulnerability in Jenkins Report Portal Plugin 0.5 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified bearer token authentication...
CVE-2023-30523
Jenkins Report Portal Plugin 0.5 and earlier stores ReportPortal access tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2023-30526
A missing permission check in Jenkins Report Portal Plugin 0.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified bearer token authentication...
CVE-2021-29620
Report portal is an open source reporting and analysis framework. Starting from version 3.1.0 of the service-api XML parsing was introduced. Unfortunately the XML parser was not configured properly to prevent XML external entity XXE attacks. This allows a user to import a specifically-crafted XML...
Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.15 Multiple Vulnerabilities (CloudBees Security Advisory 2023-04-12)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.15. It is, therefore, affected by multiple vulnerabilities including the following: - Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask i.e....
GHSA-QGW9-VGRF-H723 Jenkins Report Portal Plugin allows users with Item/Extended Read permission to view tokens on Jenkins controller
Jenkins Report Portal Plugin 0.5 and earlier stores ReportPortal access tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These tokens can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
Jenkins Report Portal Plugin missing permissions check
Jenkins Report Portal Plugin 0.5 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified bearer token authentication. Additionally, this form...
Jenkins Report Portal Plugin Cross-Site Request Forgery vulnerability
Jenkins Report Portal Plugin 0.5 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified bearer token authentication. Additionally, this form...
GHSA-C8FF-J5GM-6492 Jenkins Report Portal Plugin Cross-Site Request Forgery vulnerability
Jenkins Report Portal Plugin 0.5 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified bearer token authentication. Additionally, this form...
GHSA-J55J-28WC-V338 Jenkins Report Portal Plugin configuration form does not mask tokens
Jenkins Report Portal Plugin 0.5 and earlier stores ReportPortal access tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These tokens can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
Jenkins Report Portal Plugin configuration form does not mask tokens
Jenkins Report Portal Plugin 0.5 and earlier stores ReportPortal access tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These tokens can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
Jenkins Report Portal Plugin allows users with Item/Extended Read permission to view tokens on Jenkins controller
Jenkins Report Portal Plugin 0.5 and earlier stores ReportPortal access tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These tokens can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
GHSA-C9JF-RHVG-P65R Jenkins Report Portal Plugin missing permissions check
Jenkins Report Portal Plugin 0.5 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified bearer token authentication. Additionally, this form...
CVE-2023-30526
A missing permission check in Jenkins Report Portal Plugin 0.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified bearer token authentication...