VYPR
Moderate severity · NVD Advisory · Published Apr 12, 2023 · Updated Feb 7, 2025

CVE-2023-30523

Description

Jenkins Report Portal Plugin ≤0.5 stores access tokens unencrypted in job config.xml, exposing them to users with Item/Extended Read or file system access.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability Description

The Jenkins Report Portal Plugin versions 0.5 and earlier stores ReportPortal access tokens in plaintext within job config.xml files on the Jenkins controller [1][3]. This occurs because the plugin does not encrypt or mask the token when saving job configuration, leaving the credential visible in the file system [1].

Exploitation Prerequisites

To exploit this vulnerability, an attacker must have either Item/Extended Read permission on a Jenkins job or direct access to the Jenkins controller's file system [1][3]. No additional authentication is required to read the token once the config.xml file is accessible [1].

Impact

An attacker who obtains the plaintext access token can authenticate to the ReportPortal service, potentially gaining unauthorized access to test reports, project data, and other resources managed by ReportPortal [1][3]. The severity is considered medium due to the prerequisite of existing permissions or file system access [1].

Mitigation Status

As of the Jenkins Security Advisory 2023-04-12, the Report Portal Plugin is listed among plugins with unresolved security issues [1][2]. No patched version has been released. Users are advised to restrict Item/Extended Read permissions, limit file system access to the controller, or remove the plugin if not needed [1][2].

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
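
To check a controller for the exposure described above, the following added example (not part of the advisory or the plugin's code) walks job config.xml files and flags credential-like elements whose value is not in Jenkins' encrypted `{base64}` Secret form. The tag-name pattern, the function names and the sample configs are assumptions, since the page does not name the plugin's XML element.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Jenkins serializes hudson.util.Secret values as "{<base64>}"; any other
# non-empty value in a credential-like element is stored in plaintext.
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")
# Assumption: the advisory does not name the plugin's XML element, so flag
# any element whose tag looks credential-like.
SUSPECT_TAG = re.compile(r"token|secret|password|api_?key", re.I)
XML_DECL = re.compile(r"^\s*<\?xml[^>]*\?>")  # Jenkins' XML 1.1 declaration, dropped before parsing
# Constructed sample job configs; element names and values are made up.
SAMPLES = {
    "plain": "<?xml version='1.1' encoding='UTF-8'?>\n<project><publishers><rp>"
             "<token>0f1e2d3c-constructed</token></rp></publishers></project>",
    "sealed": "<?xml version='1.1' encoding='UTF-8'?>\n<project>"
              "<token>{AQAAABAAAAAQY29uc3RydWN0ZWQ=}</token></project>",
}

def plaintext_secrets(config_xml: Path):
    """Return (tag, masked value) for credential-like elements left unencrypted."""
    text = XML_DECL.sub("", config_xml.read_text(encoding="utf-8"), count=1)
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        return []  # not a parsable config; nothing to report
    return [(e.tag, e.text.strip()[:4] + "***") for e in root.iter()
            if e.text and e.text.strip() and SUSPECT_TAG.search(e.tag)
            and not ENCRYPTED.match(e.text.strip())]

def audit(jenkins_home: Path):
    """Map each jobs/**/config.xml under jenkins_home to its findings."""
    found = {}
    for cfg in sorted(jenkins_home.glob("jobs/**/config.xml")):
        if hits := plaintext_secrets(cfg):
            found[cfg.relative_to(jenkins_home).as_posix()] = hits
    return found

def demo():
    """Build a throwaway JENKINS_HOME from SAMPLES and audit it."""
    with tempfile.TemporaryDirectory() as home:
        for job, xml in SAMPLES.items():
            cfg = Path(home, "jobs", job, "config.xml")
            cfg.parent.mkdir(parents=True)
            cfg.write_text(xml, encoding="utf-8")
        return audit(Path(home))

if __name__ == "__main__":
    print(demo())
```

Findings are masked to the first four characters so the audit output does not itself become another plaintext copy of the token; any token it flags should be rotated in ReportPortal.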

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: org.jenkins-ci.plugins:reportportal (Maven)
Affected versions: <= 0.5
Patched versions: (none listed)

Affected products: 2

Patches: 0. No patches discovered yet.
