Permission Check Flaw in Jenkins Report Portal Plugin by Jenkins
CVE-2023-30526

6.5MEDIUM

Key Information:

Vendor
Jenkins
Status
Jenkins Report Portal Plugin
Vendor
CVE Published:
12 April 2023

Summary

A vulnerability exists in the Jenkins Report Portal Plugin prior to version 0.5, where a missing permission check enables attackers with Overall/Read permissions to connect to user-specified URLs using bearer token authentication. This flaw can potentially be exploited to access unauthorized information or perform actions that should not be permitted, posing a risk to the integrity and confidentiality of user data.

Affected Version(s)

Jenkins Report Portal Plugin 0 <= 0.5

References

https://www.jenkins.io/security/advisory/2023-04-12/#SECU...
vendor-advisory
http://www.openwall.com/lists/oss-security/2023/04/13/3

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.