VYPR
← All advisories
Moderate severityNVD Advisory· Published Jun 19, 2023· Updated Dec 11, 2024

CVE-2023-3315

CVE-2023-3315

Description

Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier let attackers with Overall/Read confirm arbitrary file paths on the controller.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier let attackers with Overall/Read confirm arbitrary file paths on the controller.

Vulnerability

Description

The Jenkins Team Concert Plugin up to version 2.4.1 performs missing permission checks in certain API endpoints. This flaw allows an attacker who has only the Overall/Read permission to probe for the existence of attacker-specified file paths on the Jenkins controller's file system [1][2][3]. The root cause is the lack of proper authorization validation before executing file path checks, which should require higher-level permissions.

Exploitation and

Attack Surface

An attacker can exploit this vulnerability by sending crafted requests to the plugin's endpoints that include a file path. No additional authentication beyond the Overall/Read permission is needed, as these endpoints are exposed to any authenticated user with that minimal permission. The attack can be performed remotely without special network access, as long as the attacker can interact with the Jenkins instance [2][3].

Impact

Successful exploitation reveals whether a given file path exists on the Jenkins controller. This information can aid in reconnaissance, helping attackers map the filesystem layout, identify configuration files, or determine the presence of sensitive files. The vulnerability does not allow reading the contents of files, only verifying their existence [2][3].

Mitigation

The issue is fixed in Team Concert Plugin version 2.4.2, as evidenced by the commit that added the proper permission checks [1]. Users are advised to update to the latest version. There is no known workaround; upgrading is the recommended action. The vulnerability was disclosed in the Jenkins Security Advisory of June 14, 2023 [2].

References
  1. Work Item 562060 - SECURITY-2932 · jenkinsci/teamconcert-plugin@c77dc84
  2. Jenkins Security Advisory 2023-06-14
  3. NVD - CVE-2023-3315

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.jenkins-ci.plugins:teamconcertMaven
< 2.4.22.4.2

Affected products

2

Patches

1
c77dc8406070

Work Item 562060 - SECURITY-2932

https://github.com/jenkinsci/teamconcert-pluginBhagyashree BholeMay 23, 2023via ghsa
commit
13 files changed · +262 52
  • com.ibm.team.build.hjplugin/repo/com/ibm/team/build/com.ibm.team.build.hjplugin-rtc/2.4.2/com.ibm.team.build.hjplugin-rtc-2.4.2.jar+0 0 added
  • com.ibm.team.build.hjplugin/repo/com/ibm/team/build/com.ibm.team.build.hjplugin-rtc/2.4.2/com.ibm.team.build.hjplugin-rtc-2.4.2.pom+105 0 added
    @@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+    Copyright (c) 2013, 2021 IBM Corporation and others.
+    All rights reserved. This program and the accompanying materials
+    are made available under the terms of the Eclipse Public License v1.0
+    which accompanies this distribution, and is available at
+    http://www.eclipse.org/legal/epl-v10.html
+ 
+    Contributors:
+        IBM Corporation - initial API and implementation
+ -->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+
+	<groupId>com.ibm.team.build</groupId>
+	<artifactId>com.ibm.team.build.hjplugin-rtc</artifactId>
+	<version>2.4.2</version>
+	<packaging>eclipse-plugin</packaging>
+
+	<properties>
+        <tycho-version>0.25.0</tycho-version>
+        <rtc-client-p2repo-url>${RTC_Client_p2Repo}</rtc-client-p2repo-url>
+		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+		<project.build.outputEncoding>UTF-8</project.build.outputEncoding>
+		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+		<rtcJarVersion>${project.version}</rtcJarVersion>
+		<java.level>8</java.level>  
+		<maven.compiler.source>1.8</maven.compiler.source>      
+		<maven.compiler.target>1.8</maven.compiler.target>
+	</properties>
+
+	<repositories>
+		<!-- configure p2 repository to resolve against -->
+		<repository>
+			<id>rtc-401</id>
+			<layout>p2</layout>
+			<url>${rtc-client-p2repo-url}</url>
+		</repository>
+	</repositories>
+
+	<build>
+		<plugins>
+			<plugin>
+				<!-- enable tycho build extension -->
+				<groupId>org.eclipse.tycho</groupId>
+				<artifactId>tycho-maven-plugin</artifactId>
+				<version>${tycho-version}</version>
+				<extensions>true</extensions>
+			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-surefire-plugin</artifactId>
+				<version>2.13</version>
+				<configuration>
+					<skipTests>true</skipTests>
+				</configuration>
+			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-jar-plugin</artifactId>
+				<version>2.4</version>
+				<executions>
+					<execution>
+						<goals>
+							<goal>test-jar</goal>
+						</goals>
+					</execution>
+				</executions>
+			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				 <artifactId>maven-antrun-plugin</artifactId>
+				 <version>1.1</version>
+				 <executions>
+					<execution>
+						<phase>package</phase>
+						<goals>
+							<goal>run</goal>
+						</goals>
+						<configuration>
+						<tasks>
+							<echo>Copy rtc jars into hjplugin</echo>
+							<copy file="${basedir}/target/com.ibm.team.build.hjplugin-rtc-${rtcJarVersion}.jar" tofile="${basedir}/../com.ibm.team.build.hjplugin/repo/com/ibm/team/build/com.ibm.team.build.hjplugin-rtc/${rtcJarVersion}/com.ibm.team.build.hjplugin-rtc-${rtcJarVersion}.jar"/>
+							<copy file="${basedir}/target/com.ibm.team.build.hjplugin-rtc-${rtcJarVersion}-tests.jar" tofile="${basedir}/../com.ibm.team.build.hjplugin/repo/com/ibm/team/build/com.ibm.team.build.hjplugin-rtc/${rtcJarVersion}/com.ibm.team.build.hjplugin-rtc-${rtcJarVersion}-tests.jar"/>
+							<echo>Copy rtc jars into hjplugin-rtc.tests</echo>
+							<copy file="${basedir}/target/com.ibm.team.build.hjplugin-rtc-${rtcJarVersion}.jar" tofile="${basedir}/../com.ibm.team.build.hjplugin-rtc.tests/repo/com/ibm/team/build/com.ibm.team.build.hjplugin-rtc/${rtcJarVersion}/com.ibm.team.build.hjplugin-rtc-${rtcJarVersion}.jar"/>
+							<copy file="${basedir}/target/com.ibm.team.build.hjplugin-rtc-${rtcJarVersion}-tests.jar" tofile="${basedir}/../com.ibm.team.build.hjplugin-rtc.tests/repo/com/ibm/team/build/com.ibm.team.build.hjplugin-rtc/${rtcJarVersion}/com.ibm.team.build.hjplugin-rtc-${rtcJarVersion}-tests.jar"/>
+						</tasks>
+						</configuration>
+					</execution>
+				</executions>
+			</plugin>
+		</plugins>
+		<resources>
+			<resource>
+				<directory>src/main/java</directory>
+				<includes>
+					<include>**/*.properties</include>
+				</includes>
+			</resource>
+		</resources>
+	</build>
+
+</project>
  • com.ibm.team.build.hjplugin/repo/com/ibm/team/build/com.ibm.team.build.hjplugin-rtc/2.4.2/com.ibm.team.build.hjplugin-rtc-2.4.2-tests.jar+0 0 added
  • com.ibm.team.build.hjplugin/repo/com/ibm/team/build/com.ibm.team.build.hjplugin-rtc/maven-metadata-local.xml+4 4 modified
    @@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
 /*******************************************************************************
- * (c) Copyright IBM Corporation and others 2013, 2022 
+ * (c) Copyright IBM Corporation and others 2013, 2023 
  * All rights reserved. This program and the accompanying materials 
  * are made available under the terms of the Eclipse Public License v1.0 
  * which accompanies this distribution, and is available at 
@@ -15,10 +15,10 @@
   <groupId>com.ibm.team.build</groupId>
   <artifactId>com.ibm.team.build.hjplugin-rtc</artifactId>
   <versioning>
-    <release>2.4.1</release>
+    <release>2.4.2</release>
     <versions>
-      <version>2.4.1</version>
+      <version>2.4.2</version>
     </versions>
-    <lastUpdated>20220112065525</lastUpdated>
+    <lastUpdated>20230217101731</lastUpdated>
   </versioning>
 </metadata>
  • com.ibm.team.build.hjplugin-rtc/src/test/java/com/ibm/team/build/internal/hjplugin/rtc/tests/TestUtils.java+7 9 modified
    @@ -1,12 +1,10 @@
 /*******************************************************************************
- * Copyright (c) 2016, 2021 IBM Corporation and others.
- * All rights reserved. This program and the accompanying materials
- * are made available under the terms of the Eclipse Public License v1.0
- * which accompanies this distribution, and is available at
- * http://www.eclipse.org/legal/epl-v10.html
- *
- * Contributors:
- *     IBM Corporation - initial API and implementation
+ * Licensed Materials - Property of IBM
+ * (c) Copyright IBM Corporation 2016, 2022. All Rights Reserved.
+ * 
+ * Note to U.S. Government Users Restricted Rights:  Use,
+ * duplication or disclosure restricted by GSA ADP Schedule 
+ * Contract with IBM Corp.
  *******************************************************************************/
 
 package com.ibm.team.build.internal.hjplugin.rtc.tests;
@@ -25,7 +23,7 @@ public class TestUtils {
      */
 	public static String getUniqueName(String prefix) {
 		String suffix1 = (SimpleDateFormat.getDateTimeInstance
-				(DateFormat.LONG, DateFormat.FULL)).format(new Date()).replace(" ","-");
+				(DateFormat.LONG, DateFormat.FULL)).format(new Date()).replace(" ","-").replace(":", "-");
 		SecureRandom random = new SecureRandom();
 		Long suffix2 = random.nextLong();
 		return prefix + "_" + suffix1 + "_" + Long.toHexString(suffix2);
  • com.ibm.team.build.hjplugin-rtc.tests/repo/com/ibm/team/build/com.ibm.team.build.hjplugin-rtc/2.4.2/com.ibm.team.build.hjplugin-rtc-2.4.2.jar+0 0 added
  • com.ibm.team.build.hjplugin-rtc.tests/repo/com/ibm/team/build/com.ibm.team.build.hjplugin-rtc/2.4.2/com.ibm.team.build.hjplugin-rtc-2.4.2.pom+105 0 added
    @@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+    Copyright (c) 2013, 2021 IBM Corporation and others.
+    All rights reserved. This program and the accompanying materials
+    are made available under the terms of the Eclipse Public License v1.0
+    which accompanies this distribution, and is available at
+    http://www.eclipse.org/legal/epl-v10.html
+ 
+    Contributors:
+        IBM Corporation - initial API and implementation
+ -->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+
+	<groupId>com.ibm.team.build</groupId>
+	<artifactId>com.ibm.team.build.hjplugin-rtc</artifactId>
+	<version>2.4.2</version>
+	<packaging>eclipse-plugin</packaging>
+
+	<properties>
+        <tycho-version>0.25.0</tycho-version>
+        <rtc-client-p2repo-url>${RTC_Client_p2Repo}</rtc-client-p2repo-url>
+		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+		<project.build.outputEncoding>UTF-8</project.build.outputEncoding>
+		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+		<rtcJarVersion>${project.version}</rtcJarVersion>
+		<java.level>8</java.level>  
+		<maven.compiler.source>1.8</maven.compiler.source>      
+		<maven.compiler.target>1.8</maven.compiler.target>
+	</properties>
+
+	<repositories>
+		<!-- configure p2 repository to resolve against -->
+		<repository>
+			<id>rtc-401</id>
+			<layout>p2</layout>
+			<url>${rtc-client-p2repo-url}</url>
+		</repository>
+	</repositories>
+
+	<build>
+		<plugins>
+			<plugin>
+				<!-- enable tycho build extension -->
+				<groupId>org.eclipse.tycho</groupId>
+				<artifactId>tycho-maven-plugin</artifactId>
+				<version>${tycho-version}</version>
+				<extensions>true</extensions>
+			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-surefire-plugin</artifactId>
+				<version>2.13</version>
+				<configuration>
+					<skipTests>true</skipTests>
+				</configuration>
+			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-jar-plugin</artifactId>
+				<version>2.4</version>
+				<executions>
+					<execution>
+						<goals>
+							<goal>test-jar</goal>
+						</goals>
+					</execution>
+				</executions>
+			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				 <artifactId>maven-antrun-plugin</artifactId>
+				 <version>1.1</version>
+				 <executions>
+					<execution>
+						<phase>package</phase>
+						<goals>
+							<goal>run</goal>
+						</goals>
+						<configuration>
+						<tasks>
+							<echo>Copy rtc jars into hjplugin</echo>
+							<copy file="${basedir}/target/com.ibm.team.build.hjplugin-rtc-${rtcJarVersion}.jar" tofile="${basedir}/../com.ibm.team.build.hjplugin/repo/com/ibm/team/build/com.ibm.team.build.hjplugin-rtc/${rtcJarVersion}/com.ibm.team.build.hjplugin-rtc-${rtcJarVersion}.jar"/>
+							<copy file="${basedir}/target/com.ibm.team.build.hjplugin-rtc-${rtcJarVersion}-tests.jar" tofile="${basedir}/../com.ibm.team.build.hjplugin/repo/com/ibm/team/build/com.ibm.team.build.hjplugin-rtc/${rtcJarVersion}/com.ibm.team.build.hjplugin-rtc-${rtcJarVersion}-tests.jar"/>
+							<echo>Copy rtc jars into hjplugin-rtc.tests</echo>
+							<copy file="${basedir}/target/com.ibm.team.build.hjplugin-rtc-${rtcJarVersion}.jar" tofile="${basedir}/../com.ibm.team.build.hjplugin-rtc.tests/repo/com/ibm/team/build/com.ibm.team.build.hjplugin-rtc/${rtcJarVersion}/com.ibm.team.build.hjplugin-rtc-${rtcJarVersion}.jar"/>
+							<copy file="${basedir}/target/com.ibm.team.build.hjplugin-rtc-${rtcJarVersion}-tests.jar" tofile="${basedir}/../com.ibm.team.build.hjplugin-rtc.tests/repo/com/ibm/team/build/com.ibm.team.build.hjplugin-rtc/${rtcJarVersion}/com.ibm.team.build.hjplugin-rtc-${rtcJarVersion}-tests.jar"/>
+						</tasks>
+						</configuration>
+					</execution>
+				</executions>
+			</plugin>
+		</plugins>
+		<resources>
+			<resource>
+				<directory>src/main/java</directory>
+				<includes>
+					<include>**/*.properties</include>
+				</includes>
+			</resource>
+		</resources>
+	</build>
+
+</project>
  • com.ibm.team.build.hjplugin-rtc.tests/repo/com/ibm/team/build/com.ibm.team.build.hjplugin-rtc/2.4.2/com.ibm.team.build.hjplugin-rtc-2.4.2-tests.jar+0 0 added
  • com.ibm.team.build.hjplugin-rtc.tests/repo/com/ibm/team/build/com.ibm.team.build.hjplugin-rtc/maven-metadata-local.xml+4 4 modified
    @@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
 /*******************************************************************************
- * (c) Copyright IBM Corporation and others 2013, 2022 
+ * (c) Copyright IBM Corporation and others 2013, 2023 
  * All rights reserved. This program and the accompanying materials 
  * are made available under the terms of the Eclipse Public License v1.0 
  * which accompanies this distribution, and is available at 
@@ -15,10 +15,10 @@
   <groupId>com.ibm.team.build</groupId>
   <artifactId>com.ibm.team.build.hjplugin-rtc</artifactId>
   <versioning>
-    <release>2.4.1</release>
+    <release>2.4.2</release>
     <versions>
-      <version>2.4.1</version>
+      <version>2.4.2</version>
     </versions>
-    <lastUpdated>20220112065525</lastUpdated>
+    <lastUpdated>20230217101731</lastUpdated>
   </versioning>
 </metadata>
  • com.ibm.team.build.hjplugin/src/main/java/com/ibm/team/build/internal/hjplugin/RTCBuildResultAction.java+8 10 modified
    @@ -1,12 +1,10 @@
 /*******************************************************************************
- * Copyright (c) 2013, 2019 IBM Corporation and others.
- * All rights reserved. This program and the accompanying materials
- * are made available under the terms of the Eclipse Public License v1.0
- * which accompanies this distribution, and is available at
- * http://www.eclipse.org/legal/epl-v10.html
- *
- * Contributors:
- *     IBM Corporation - initial API and implementation
+ * Licensed Materials - Property of IBM
+ * (c) Copyright IBM Corporation 2008, 2023. All Rights Reserved.
+ * 
+ * Note to U.S. Government Users Restricted Rights:  Use,
+ * duplication or disclosure restricted by GSA ADP Schedule 
+ * Contract with IBM Corp.
  *******************************************************************************/
 
 package com.ibm.team.build.internal.hjplugin;
@@ -18,8 +16,8 @@
 import hudson.model.AbstractBuild;
 
 import java.io.Serializable;
-import java.util.HashMap;
 import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
@@ -61,7 +59,7 @@ public class RTCBuildResultAction implements Serializable, Action, EnvironmentCo
 	private final String serverURI;
 	// meaning has changed but the name remains the same for serialization
 	private final boolean createdBuildResult;
-	private final Map<String, String> buildProperties = new HashMap<String, String>();
+	private final Map<String, String> buildProperties = new ConcurrentHashMap<String, String>();
 	private final transient RTCScm scm;
 	
 	/**
  • com.ibm.team.build.hjplugin/src/main/java/com/ibm/team/build/internal/hjplugin/RTCBuildToolInstallation.java+8 8 modified
    @@ -1,12 +1,10 @@
 /*******************************************************************************
- * Copyright (c) 2013, 2015 IBM Corporation and others.
- * All rights reserved. This program and the accompanying materials
- * are made available under the terms of the Eclipse Public License v1.0
- * which accompanies this distribution, and is available at
- * http://www.eclipse.org/legal/epl-v10.html
- *
- * Contributors:
- *     IBM Corporation - initial API and implementation
+ * Licensed Materials - Property of IBM
+ * (c) Copyright IBM Corporation 2008,2023. All Rights Reserved.
+ * 
+ * Note to U.S. Government Users Restricted Rights:  Use,
+ * duplication or disclosure restricted by GSA ADP Schedule 
+ * Contract with IBM Corp.
  *******************************************************************************/
 
 package com.ibm.team.build.internal.hjplugin;
@@ -24,6 +22,7 @@
 import hudson.tools.ToolProperty;
 import hudson.tools.ToolInstallation;
 import hudson.util.FormValidation;
+import jenkins.model.Jenkins;
 
 import java.io.File;
 import java.io.FileFilter;
@@ -117,6 +116,7 @@ public static FormValidation validateBuildToolkit(boolean warnOnly, String path)
 	 */
 	public static FormValidation validateBuildToolkit(boolean warnOnly, File toolkitFile) {
 		String message = null;
+		Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER);
 		if (!toolkitFile.exists()) {
 			LOGGER.finer("BuildToolKit folder not found : " + toolkitFile.getAbsolutePath()); //$NON-NLS-1$
 			message = Messages.RTCBuildToolInstallation_toolkit_not_found();
  • com.ibm.team.build.hjplugin/src/main/java/com/ibm/team/build/internal/hjplugin/RTCLoginInfo.java+8 8 modified
    @@ -1,12 +1,10 @@
 /*******************************************************************************
- * Copyright (c) 2014, 2021 IBM Corporation and others.
- * All rights reserved. This program and the accompanying materials
- * are made available under the terms of the Eclipse Public License v1.0
- * which accompanies this distribution, and is available at
- * http://www.eclipse.org/legal/epl-v10.html
- *
- * Contributors:
- *     IBM Corporation - initial API and implementation
+ * Licensed Materials - Property of IBM
+ * (c) Copyright IBM Corporation 2008,2023. All Rights Reserved.
+ * 
+ * Note to U.S. Government Users Restricted Rights:  Use,
+ * duplication or disclosure restricted by GSA ADP Schedule 
+ * Contract with IBM Corp.
  *******************************************************************************/
 package com.ibm.team.build.internal.hjplugin;
 
@@ -16,6 +14,7 @@
 import hudson.model.TaskListener;
 import hudson.security.ACL;
 import hudson.util.FormValidation;
+import jenkins.model.Jenkins;
 
 import java.io.File;
 import java.lang.reflect.InvocationTargetException;
@@ -291,6 +290,7 @@ public static FormValidation validatePasswordFile(String credentialsId,
 			if (credentialsId != null && userId == null) {
 				return FormValidation.warning(Messages.RTCLoginInfo_password_file_ignored());
 			}
+			Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER);
 			File passwordFileFile = new File(passwordFile);
 			if (!passwordFileFile.exists()) {
 				LOGGER.finer("Password file does not exist " + passwordFileFile.getAbsolutePath()); //$NON-NLS-1$
  • com.ibm.team.build.hjplugin/src/test/java/com/ibm/team/build/internal/hjplugin/steps/tests/AbstractRTCBuildStepTest.java+13 9 modified
    @@ -1,12 +1,10 @@
 /*******************************************************************************
- * Copyright (c) 2021 IBM Corporation and others.
- * All rights reserved. This program and the accompanying materials
- * are made available under the terms of the Eclipse Public License v1.0
- * which accompanies this distribution, and is available at
- * http://www.eclipse.org/legal/epl-v10.html
- *
- * Contributors:
- *     IBM Corporation - initial API and implementation
+ * Licensed Materials - Property of IBM
+ * (c) Copyright IBM Corporation 2008. All Rights Reserved.
+ * 
+ * Note to U.S. Government Users Restricted Rights:  Use,
+ * duplication or disclosure restricted by GSA ADP Schedule 
+ * Contract with IBM Corp.
  *******************************************************************************/
 package com.ibm.team.build.internal.hjplugin.steps.tests;
 
@@ -168,7 +166,13 @@ protected void helperTestNoServerURI(JenkinsRule rule, String prefix, String tas
 		WorkflowRun run = requestJenkinsBuild(j);
 		String log = getLog(run);
 		// The default server URI is https://localhost:9443/ccm
-		Assert.assertTrue(log, log.contains("CRJAZ1371E The following URL cannot be reached:"));
+		if (log.contains("CRJAZ1371E")) {
+			Assert.assertTrue(log, log.contains("CRJAZ1371E The following URL cannot be reached:"));
+		} else if (log.contains("CRJAZ1687E")) {
+			Assert.assertTrue(log, log.contains("CRJAZ1687E Unable to connect to the server with URI"));
+		} else {
+			Assert.fail(String.format("log doesn't contains either of CRJAZ1371E or CRJAZ1687E in %s log",log));
+		}
 		Assert.assertTrue(log, log.contains("localhost:9443"));
 		Utils.dumpLogFile(run, prefix, "noServerURI", ".log");
 	}

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

4

News mentions

1