26 matches found
EUVD-2022-4476
Malicious code in bioql PyPI...
Jenkins QMetry Test Management Plugin vulnerability exposes API keys
QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53660
CVE-2025-53660 affects Jenkins QMetry Test Management Plugin 1.13 and earlier. The vulnerability stems from Qmetry Automation API Keys being stored unencrypted in job config.xml and displayed on the job configuration form without masking, enabling observers with Item/Extended Read permissions or ...
PT-2025-28911 · Jenkins · Jenkins Qmetry Test Management Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins QMetry Test Management Plugin versions 1.13 and earlier
Description: The Jenkins QMetry Test Management Plugin stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller. These keys are accessible ...
PT-2025-28912 · Jenkins · Jenkins Qmetry Test Management Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins QMetry Test Management Plugin versions 1.13 and earlier
Description: The Jenkins QMetry Test Management Plugin does not properly protect Qmetry Automation API Keys. These keys are stored unencrypted in job config.xml files on the...
CVE-2020-2215
A cross-site request forgery vulnerability in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified username and password...
CVE-2019-1003084
A cross-site request forgery vulnerability in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...
CloudBees Jenkins Zephyr Enterprise Test Management Plugin Information Disclosure Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the U.S. company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Zephyr Enterprise Test Management Plugin is used in one of...
Unspecified Vulnerability in CloudBees Jenkins Zephyr for JIRA Test Management Plugin
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the U.S. company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Zephyr for JIRA Test Management Plugin is used...
CVE-2020-2216
A missing permission check in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified username and password...
Default credentials
A missing permission check in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified username and password...
CVE-2020-2215
The CVE-2020-2215 entry concerns a CSRF flaw in Jenkins Zephyr for JIRA Test Management Plugin (versions 1.5 and earlier). The underlying issue is a cross-site request forgery vulnerability that allows attackers to cause the application to connect to an attacker-controlled HTTP server using attac...
PT-2020-15430 · Jenkins · Jenkins Zephyr For Jira Test Management Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Zephyr for JIRA Test Management Plugin versions 1.5 and earlier
Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified HTTP server using an attacker-specified username and password...
CloudBees Jenkins Zephyr for JIRA Test Management Plugin Information Disclosure Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the U.S. company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Zephyr for JIRA Test Management Plugin is used...
CVE-2020-2154
Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores its credentials in plain text in a global configuration file on the Jenkins master file system...
Unspecified Vulnerability in CloudBees Jenkins QMetry for JIRA-Test Management Plugin
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the U.S. company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. QMetry for JIRA-Test Management Plugin is used in one of...
Design/Logic Flaw
Jenkins QMetry for JIRA - Test Management Plugin 1.12 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
Command injection
Jenkins QMetry for JIRA - Test Management Plugin transmits credentials in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure...