3 matches found
CVE-2019-1003084
A cross-site request forgery vulnerability in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptordoTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...
Credentials stored in plain text by Zephyr Enterprise Test Management Plugin
Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text in the global configuration file com.thed.zephyr.jenkins.reporter.ZeeReporter.xml. This password can be viewed by users with access to the Jenkins controller file system. Zephyr Enterprise Test...
CVE-2019-1003084
CVE-2019-1003084 concerns a cross-site request forgery in the Jenkins Zephyr Enterprise Test Management Plugin, specifically in the ZeeDescriptor#doTestConnection form validation. The issue permits an attacker to initiate a connection to an attacker-specified server, representing a CSRF vulnerabi...