Cross-Site Request Forgery Vulnerability in Jenkins Report Portal Plugin
CVE-2023-30525
8.8 HIGH
What is CVE-2023-30525?
A cross-site request forgery (CSRF) vulnerability exists in the Jenkins Report Portal Plugin, version 0.5 and earlier. It allows attackers to forge requests from a user that cause a connection to an attacker-specified URL, using bearer token authentication that the attacker also specifies. This could lead to unauthorized actions being performed on behalf of a user without their consent. Users of the affected plugin should be aware of this security risk and apply the mitigations detailed in the Jenkins security advisory.
Affected Version(s)
Jenkins Report Portal Plugin: versions 0 through 0.5