Skip to main content

Zephyr Enterprise Test Management

3 CVEs product

Monthly

CVE-2020-2145 Maven MEDIUM PATCH This Month

Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text on the Jenkins master file system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Zephyr Enterprise Test Management
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-1003085 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Zephyr Enterprise Test Management
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-1003084 Maven MEDIUM PATCH This Month

A cross-site request forgery vulnerability in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers to initiate a connection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Zephyr Enterprise Test Management
NVD
CVSS 3.0
6.5
EPSS
1.3%
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text on the Jenkins master file system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Zephyr Enterprise Test Management
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

A missing permission check in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Zephyr Enterprise Test Management
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A cross-site request forgery vulnerability in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers to initiate a connection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Zephyr Enterprise Test Management
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy