CVE-2025-52491

CVE-2025-52491 affects Akamai CloudTest prior to version 60 2025.06.09 (12989) and allows server-side request forgery (SSRF). The NVD entry lists CVSS 3.1 base score 5.8 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N). Connected sources confirm the affected release and remediation guidance; PT-2025-27471 r...

CVE-2025-49493

Akamai CloudTest before 60 2025.06.02 12988 allows file inclusion via XML External Entity XXE injection...

CVE-2025-52491

Akamai CloudTest before 60 2025.06.09 12989 allows SSRF...

PT-2025-27467 · Akamai · Akamai Cloudtest

Name of the Vulnerable Software and Affected Versions: Akamai CloudTest versions prior to 60 2025.06.02 12988 Description: Akamai CloudTest is susceptible to an XML External Entity XXE injection flaw. This allows for file inclusion by manipulating XML input, potentially leading to unauthorized...

CVE-2019-1003090

A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpldoValidate form validation method allows attackers to initiate a connection to an attacker-specified server...

CVE-2019-10451

Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

CVE-2019-1003091

A missing permission check in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpldoValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

Running CloudTest on Akamai Cloud Computing

...

Jenkins SOASTA CloudTest Plugin stores API token in plain text

Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file com.soasta.jenkins.CloudTestServer.xml on the Jenkins controller. These credentials could be viewed by users with access to the Jenkins controller file system. As of publication of this advisory there ...

GHSA-7HP3-5W4X-8F7C Jenkins SOASTA CloudTest Plugin stores API token in plain text

Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file com.soasta.jenkins.CloudTestServer.xml on the Jenkins controller. These credentials could be viewed by users with access to the Jenkins controller file system. As of publication of this advisory there ...

GHSA-23R7-HF6G-QQQG CSRF vulnerability in Jenkins SOASTA CloudTest Plugin

A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpldoValidate form validation method allows attackers to initiate a connection to an attacker-specified server...

CSRF vulnerability in Jenkins SOASTA CloudTest Plugin

A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpldoValidate form validation method allows attackers to initiate a connection to an attacker-specified server...

GHSA-FHGG-J92H-29RC Missing permission check in Jenkins SOASTA CloudTest Plugin

A missing permission check in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpldoValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

Missing permission check in Jenkins SOASTA CloudTest Plugin

A missing permission check in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpldoValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

(0Day) Jenkins SOASTA CloudTest Cleartext Storage of Credentials Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins SOASTA CloudTest. Authentication is required to exploit this vulnerability. The specific flaw exists within the SOASTA CloudTest plugin. The issue results from storing credentials in...

Unspecified Vulnerability in CloudBees Jenkins SOASTA CloudTest Plugin

CloudBees Jenkins Hudson Labs is a set of Java-based development of continuous integration tools from the U.S. CloudBees. The product is mainly used to monitor the continuous software version of the release/test project and some timed tasks . SOASTA CloudTest Plugin is used in one of the mobile...

CVE-2019-10451

Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

CVE-2019-10451

Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

Design/Logic Flaw

Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

CVE-2019-10451

This CVE affects the Jenkins SOASTA CloudTest Plugin. The vulnerability stems from credentials being stored unencrypted in the global configuration file on the Jenkins master/controller, specifically in com.soasta.jenkins.CloudTestServer.xml, enabling credentials to be viewed by users with filesy...