20 matches found
CVE-2023-25822
ReportPortal is an AI-powered test automation platform. Prior to version 5.10.0 of the com.epam.reportportal:service-api module, corresponding to ReportPortal version 23.2, the ReportPortal database becomes unstable and reporting almost fully stops except for small launches with approximately 1...
EUVD-2023-2774
Malicious code in bioql PyPI...
MAL-2024-8820 Malicious code in testcafe-reporter-ayx-reportportal (npm)
Source: ossf-package-analysis (56e9fb2a7d91d090c5daebf11bf839a8c406149a5eb97098ced6820c0285e4ea) The OpenSSF Package Analysis project identified 'testcafe-reporter-ayx-reportportal' @ 3.9.11 npm as malicious. It is considered malicious...
Malicious code in testcafe-reporter-ayx-reportportal (npm)
Source: ossf-package-analysis (56e9fb2a7d91d090c5daebf11bf839a8c406149a5eb97098ced6820c0285e4ea) The OpenSSF Package Analysis project identified 'testcafe-reporter-ayx-reportportal' @ 3.9.11 npm as malicious. It is considered malicious...
com.epam.reportportal:service-authorization (>=5.11.0 <=5.11.1), com.erudika:para-jar (=1.49.0) +51 more potentially affected by CVE-2023-34042 via org.springframework.security:spring-security-config (>=5.8.4 <=5.8.6)
org.springframework.security:spring-security-config MAVEN version =5.8.4, =5.11.0, =1.73.40, =1.73.40, =1.73.40, =1.73.40, =2.35.0, =2.14.0, =2.14.0, =11.3.6, =11.3.6, =11.3.6, =11.3.6, =11.4.2 and more Source cves: CVE-2023-34042 Source advisory: OSV:GHSA-9GP8-6CG8-7H34...
Denial Of Service (DoS)
ReportPortal is vulnerable to Denial Of Service. The vulnerability is due to exceeding the allowable ltree field type indexing limit in the testitem.path field which results in denial of service...
Denial of service vulnerability on creating a Launch with too many recursively nested elements in reportportal
Impact: The ReportPortal database becomes unstable and reporting almost fully stops, except for small launches with approximately 1 test inside, when the testitem.path field exceeds the allowable "ltree" field type indexing limit, path length=120 approximately, recursive nesting of the nested steps...
GHSA-MJ24-GPW7-23M9 Denial of service vulnerability on creating a Launch with too many recursively nested elements in reportportal
Impact: The ReportPortal database becomes unstable and reporting almost fully stops, except for small launches with approximately 1 test inside, when the testitem.path field exceeds the allowable "ltree" field type indexing limit, path length=120 approximately, recursive nesting of the nested steps...
CVE-2023-25822
ReportPortal is an AI-powered test automation platform. Prior to version 5.10.0 of the com.epam.reportportal:service-api module, corresponding to ReportPortal version 23.2, the ReportPortal database becomes unstable and reporting almost fully stops except for small launches with approximately 1...
Design/Logic Flaw
ReportPortal is an AI-powered test automation platform. Prior to version 5.10.0 of the com.epam.reportportal:service-api module, corresponding to ReportPortal version 23.2, the ReportPortal database becomes unstable and reporting almost fully stops except for small launches with approximately 1...
CVE-2023-25822
CVE-2023-25822 affects ReportPortal. Before version 5.10.0 of com.epam.reportportal:service-api (ReportPortal 23.2), the database can become unstable and reporting can largely halt when test_item.path exceeds the ltree indexing limit (path length ≥ 120, due to recursive nesting). The issue is add...
CVE-2023-25822 ReportPortal DoS vulnerability on creating a Launch with too many recursively nested elements
ReportPortal is an AI-powered test automation platform. Prior to version 5.10.0 of the com.epam.reportportal:service-api module, corresponding to ReportPortal version 23.2, the ReportPortal database becomes unstable and reporting almost fully stops except for small launches with approximately 1...
CVE-2023-25822 ReportPortal DoS vulnerability on creating a Launch with too many recursively nested elements
ReportPortal is an AI-powered test automation platform. Prior to version 5.10.0 of the com.epam.reportportal:service-api module, corresponding to ReportPortal version 23.2, the ReportPortal database becomes unstable and reporting almost fully stops except for small launches with approximately 1...
CVE-2023-25822 ReportPortal DoS vulnerability on creating a Launch with too many recursively nested elements
ReportPortal is an AI-powered test automation platform. Prior to version 5.10.0 of the com.epam.reportportal:service-api module, corresponding to ReportPortal version 23.2, the ReportPortal database becomes unstable and reporting almost fully stops except for small launches with approximately 1...
ReportPortal Security Vulnerabilities
ReportPortal is an open source, service-oriented, web-based platform from ReportPortal Open Source. A security vulnerability exists in ReportPortal versions prior to 5.10.0 that stems from the ReportPortal database becoming unstable when the testitem.path field exceeds the allowed indexing limit...
PT-2023-20327 · Unknown · Reportportal
Name of the Vulnerable Software and Affected Versions: ReportPortal versions prior to 5.10.0 Description: The ReportPortal database becomes unstable and reporting almost fully stops when the test item.path field exceeds the allowable ltree field type indexing limit, which occurs when the path...
Design/Logic Flaw
Jenkins Report Portal Plugin 0.5 and earlier stores ReportPortal access tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
Design/Logic Flaw
Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPortal access tokens displayed on the configuration form, increasing the potential for attackers to observe and capture them...
CVE-2023-30523
Jenkins Report Portal Plugin 0.5 and earlier stores ReportPortal access tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
be.personify.iam:personify-api (>=1.2.6.RELEASE <=1.3.1.RELEASE), be.personify.iam:personify-frontend (>=1.2.6.RELEASE <=1.3.0.RELEASE) +58 more potentially affected by CVE-2021-22047 via org.springframework.data:spring-data-rest-core (>=3.5.0 <=3.5.5)
org.springframework.data:spring-data-rest-core MAVEN version =3.5.0, =1.2.6.RELEASE, =1.2.6.RELEASE, =1.2.5.RELEASE, =5.12.1, =5.12.0, =5.12.0, =5.12.0, =5.12.0, =2.1.0, =2.1.0, =2.1.0, =2.1.2 and more Source cves: CVE-2021-22047 Source advisory: OSV:GHSA-4926-QPXG-6R3W...