CVE-2023-30524

CWE-12705 documents5 sources
Severity
4.3MEDIUM
EPSS
0.5%
top 36.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Report Portal PluginJenkins Report Portal
Timeline
PublishedApr 12

Description

Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPortal access tokens displayed on the configuration form, increasing the potential for attackers to observe and capture them.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

🔴Vulnerability Details

3
OSV
Jenkins Report Portal Plugin configuration form does not mask tokens2023-04-12
GHSA
Jenkins Report Portal Plugin configuration form does not mask tokens2023-04-12
CVEList
CVE-2023-30524: Jenkins Report Portal Plugin 02023-04-12

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2023-04-122023-04-12
CVE-2023-30524 (MEDIUM CVSS 4.3) | Jenkins Report Portal Plugin 0.5 an | cvebase.io