Skip to main content

Elastest

3 CVEs product

Monthly

CVE-2020-2274 Maven MEDIUM This Month

Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Elastest
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-2273 Maven MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Elastest
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-2272 Maven MEDIUM This Month

A missing permission check in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Elastest
NVD
CVSS 3.1
4.3
EPSS
0.7%
EPSS 0% CVSS 5.5
MEDIUM This Month

Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Elastest
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Elastest
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A missing permission check in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Elastest
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy