Jenkins Elastest vulnerabilities
3 known vulnerabilities affecting jenkins/elastest.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2020-2274MEDIUMCVSS 5.5≤ 1.2.12020-09-16
CVE-2020-2274 [MEDIUM] CWE-312 CVE-2020-2274: Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password unencrypted in its global confi
Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
nvd
CVE-2020-2273MEDIUMCVSS 4.3≤ 1.2.12020-09-16
CVE-2020-2273 [MEDIUM] CWE-352 CVE-2020-2273: A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allow
A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
nvd
CVE-2020-2272MEDIUMCVSS 4.3≤ 1.2.12020-09-16
CVE-2020-2272 [MEDIUM] CWE-862 CVE-2020-2272: A missing permission check in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers with Overal
A missing permission check in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
nvd