CVE-2023-30526 - OpenCVE

A missing permission check in Jenkins Report Portal Plugin 0.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified bearer token authentication.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Jenkins	Report Portal

Configuration 1 [-]

cpe:2.3:a:jenkins:report_portal:*:*:*:*:*:jenkins:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2023/04/13/3
https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2950

History

No history.

MITRE

Status: PUBLISHED

Assigner: jenkins

Published: 2023-04-12T17:05:14.987Z

Updated: 2024-08-02T14:28:51.915Z

Reserved: 2023-04-12T08:40:40.604Z

Link: CVE-2023-30526

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-04-12T18:15:11.223

Modified: 2023-04-20T21:45:24.180

Link: CVE-2023-30526

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object